CVE Catalog
CVE-2026-45635
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk0.52%
40th percentile - higher than 40% of all known CVEs
Summary
A type confusion vulnerability in the upnp.dll library allows an unauthorized attacker to execute code remotely over the network. The issue affects the Universal Plug and Play (UPnP) component.
Risk Assessment
An attacker can take control of the system by executing arbitrary code without authentication, compromising data confidentiality, integrity, and availability.
Recommendation
Apply the vendor-supplied patch immediately and consider disabling the UPnP service if it is not required.
Original NVD description (English source)
Access of resource using incompatible type ('type confusion') in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

