While you’re opening most outbound UDP ports for just the switch, a uPnP vulnerability has the possibility of letting an attacker open ports, especially inbound registered ports (SSH, RDP, etc), for all devices.
If you do everything right (wifi client isolation, if your WAP has that option) opening the port for the switch is “essentially” as safe as it can be. The safest being Nintendo listing their public IPs but I think switch games use P2P which is why they don’t.