Link following in Windows and Windows Server - CVE-2026-49180
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) when accessing files. A local user can leverage a crafted link to disclose sensitive information.
The disclosed information is limited to file content.