CVE Catalog

CVE-2026-45635

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile - higher than 40% of all known CVEs

Summary

A type confusion vulnerability in the upnp.dll library allows an unauthorized attacker to execute code remotely over the network. The issue affects the Universal Plug and Play (UPnP) component.

Risk Assessment

An attacker can take control of the system by executing arbitrary code without authentication, compromising data confidentiality, integrity, and availability.

Recommendation

Apply the vendor-supplied patch immediately and consider disabling the UPnP service if it is not required.

Original NVD description (English source)

Access of resource using incompatible type ('type confusion') in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS