PatchSiren cyber security CVE debrief
CVE-2026-45635 Microsoft CVE debrief
CVE-2026-45635 is a HIGH severity vulnerability in Microsoft Windows. A use-after-free vulnerability in Universal Plug and Play (upnp.dll) allows an attacker to execute code over a network. The vulnerability has a CVSS score of 8.1 and was published on 2026-06-09T17:17:30.100Z. It affects multiple versions of Microsoft Windows, including Windows 10, Windows 11, and Windows Server.
- Vendor: Microsoft
- Product: Windows
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-11
Who should care
Administrators and users of Microsoft Windows, particularly those with exposure to Universal Plug and Play (UPnP) functionality, should be aware of this vulnerability.
Technical summary
The vulnerability is a use-after-free issue in the upnp.dll component of Microsoft Windows. This type of vulnerability occurs when a program uses memory after it has been freed, which can allow an attacker to execute arbitrary code.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches from Microsoft as soon as possible, particularly for systems exposed to UPnP functionality.
- Review and limit exposure to UPnP if not required.
- Monitor network traffic for suspicious activity related to UPnP.
Evidence notes
The CVE record and NVD detail pages provide comprehensive information about the vulnerability, including affected versions and potential mitigations.
Official resources
- CVE-2026-45635 CVE record (CVE.org)
- CVE-2026-45635 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE-2026-45635 was published on 2026-06-09T17:17:30.100Z and modified on 2026-06-11T18:36:06.110Z.