Use of uninitialized resource in Windows and Windows Server - CVE-2026-50455
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to use of uninitialized resource in upnp.dll when handling local access to files through the UPnP Device Host Service. A local user can access files readable by the service to disclose sensitive information.
The exposed data may include restricted system files or configuration data accessible to the service running under the LOCAL SERVICE account.