May 12, 2026—Hotpatch KB5089466 (OS Builds 26200.8390 and 26100.8390)

May 12, 2026—Hotpatch KB5089466 OS Builds 26200.8390 and 26100.8390 This Hotpatch update for Windows 11, version 25H2 and 24H2 KB5089466 includes security improvements. To learn more about differences between security updates, optional non-security preview updates, out-of-band OOB updates, and...

May 12, 2026—KB5089548 (OS Build 28000.2113)

May 12, 2026—KB5089548 OS Build 28000.2113 ​​​​​This cumulative update for Windows 11, version 26H1 KB5089548 includes the latest security fixes and improvements, along with non-security updates from last month's optional preview release. Visit the Windows release health dashboard for the latest...

CVE-2026-32082

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

EUVD-2026-22514

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

CVE-2026-32082

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

CVE-2026-32068

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

CVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

...

PT-2026-32809

Name of the Vulnerable Software and Affected Versions Windows SSDP Service affected versions not specified Description A race condition occurs in the Windows SSDP Service due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges locally...

Microsoft Windows SSDP 竞争条件问题漏洞

Microsoft Windows SSDP is a simple service discovery provider developed by Microsoft Corporation. The Microsoft Windows SSDP Service has a vulnerability related to race conditions. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are...

Microsoft Windows SSDP 竞争条件问题漏洞

Microsoft Windows SSDP is a simple service discovery provider developed by Microsoft Corporation. The Microsoft Windows SSDP Service has a vulnerability related to race conditions. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are...

CVE-2026-4499

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-4499 D-Link DIR-820LW SSDP ssdpcgi_main os command injection

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-4499 D-Link DIR-820LW SSDP ssdpcgi_main os command injection

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

D-Link DIR-820LW 操作系统命令注入漏洞

The D-Link DIR-820LW is a dual-band wireless router produced by D-Link Corporation. Version 2.03 of the D-Link DIR-820LW contains a vulnerability related to operating system command injection. This vulnerability stems from the function ssdpcgimain in the SSDP component, which allows for command...

CVE-2026-3485

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...

CVE-2026-3485

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...

CVE-2026-3485

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...

CVE-2026-3485

CVE-2026-3485 affects the D-Link DIR-868L, specifically the SSDP Service’s function sub_1BF84. Manipulation of the ST argument causes an OS command injection. The vulnerability is remotely exploitable and, per the provided PT-2026-22824 entry, the exploit has been published. The affected devices ...

CVE-2026-3485 D-Link DIR-868L SSDP Service sub_1BF84 os command injection

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...

CVE-2026-3485 D-Link DIR-868L SSDP Service sub_1BF84 os command injection

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...