CVE-2026-45498
Published 2026-05-20
CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability
Priority: P2 · 76 · high
CVSS 3.1: 7.5 · AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
KEV: CISA Known Exploited Vulnerability, due 2026-06-03
ITW: Exploited in the wild
EPSS: 63.08% (99.1th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | defender_antimalware_platform | < 4.18.26040.7 | 4.18.26040.7 |
| microsoft | microsoft_defender_antimalware_platform | >= 4.0.0.0 < 4.18.26040.7 | 4.18.26040.7 |
Detection & IOCs (extracted from sources)
- CVE-2026-45498 has been actively exploited in the wild following public disclosure; treat any Defender definition update failures on standard-user-accessible systems as potentially malicious.
- CVE-2026-45498 is part of a cluster of Defender zero-days (BlueHammer CVE-2026-33825, RedSun CVE-2026-41091, UnDefend CVE-2026-45498) disclosed by researcher Chaotic Eclipse (aka Nightmare-Eclipse / GitHub account MSNightmare); monitor for exploit code associated with these aliases.
- Defender definition update blocking (CVE-2026-45498) may be used as a precursor to follow-on exploitation; correlate Defender update failures with other Defender privilege escalation CVEs (CVE-2026-33825, CVE-2026-41091) in the same timeframe.
- CISA KEV remediation deadline for CVE-2026-45498 was 2026-06-03; verify all in-scope systems have applied vendor mitigations per BOD 22-01.
- Exploit code for CVE-2026-45498 (UnDefend) was publicly released and subsequently uploaded to GitLab after GitHub account takedown; the exploit may be accessible via alternative repositories.
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck · 7.5 · HIGH
cisa · 7.5 · HIGH
GHSA
GHSA-8gp3-pghr-6wxp: Microsoft Defender Denial of Service Vulnerability
ghsa_unreviewed·2026-05-20
CVE-2026-45498 [MEDIUM] CWE-400 GHSA-8gp3-pghr-6wxp: Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
VulDB
Microsoft Defender Antimalware Platform denial of service (EUVD-2026-31102)
vuldb·2026-05-20·CVSS 7.5
CVE-2026-45498 [HIGH] Microsoft Defender Antimalware Platform denial of service (EUVD-2026-31102)
A vulnerability categorized as problematic has been discovered in Microsoft Defender Antimalware Platform. The affected element is an unknown function. Executing a manipulation can lead to denial of service.
This vulnerability is handled as CVE-2026-45498. It is possible to launch the attack on the local host. Additionally, an exploit exists.
VulnCheck
Microsoft Defender Denial of Service Vulnerability
vulncheck·2026·CVSS 7.5
CVE-2026-45498 [HIGH] Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Affected: Microsoft Defender
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2026-May; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2026-06-03
CISA
Microsoft Defender Denial of Service Vulnerability
cisa·2026-05-20·CVSS 7.5
CVE-2026-45498 [HIGH] Microsoft Defender Denial of Service Vulnerability
Vulnerability: Microsoft Defender Denial of Service Vulnerability
Affected: Microsoft Defender
Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498
Remediation Due Date: 2026-06-03
No detection rules found.
No public exploits indexed.
Hackernews
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
blogs_hackernews·2026-06-17·CVSS 7.8
CVE-2026-50656 [HIGH] Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
## Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet.
The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw.
"Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender, publicly referred to as 'RoguePlanet,'" the company said. "We are working to provide a high-quality security update that addresses this vulnerability."
Hackernews
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
blogs_hackernews·2026-06-10
CVE-2026-33825 Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
## Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet.
"The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit under a new GitHub account "MSNightmare," said. "I have managed to get a 100% success rate on some machines while it struggled to work on others."
Should the exploit succeed, the result is a shell with SYSTEM-level privileges, granting the attacker
Rapid7
Patch Tuesday - June 2026
blogs_rapid7·2026-06-09·CVSS 7.8
CVE-2026-33825 [HIGH] Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update G
Bleepingcomputer
Critical Windows Netlogon RCE flaw now exploited in attacks
blogs_bleepingcomputer·2026-06-01·CVSS 7.8
CVE-2026-41089 [HIGH] Critical Windows Netlogon RCE flaw now exploited in attacks
## Critical Windows Netlogon RCE flaw now exploited in attacks
By Sergiu Gatlan
"An attacker could send a specially crafted network request to a Windows server that is acting as a domain controller," it said. "If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system without needing to sign in or have prior access."
CVE-2026-41089 impacts all currently supported Windows Server versions, including the latest release, Windows Server 2025.
According to a security advisory published by the company on May 12, the vulnerability was discovered by Windows Attack Research & Protection (WARP), an internal offensive cybersecurity and engineering research team at Microsoft.
On Friday, Belgium's natio
Hackernews
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
blogs_hackernews·2026-05-28·CVSS 7.8
CVE-2026-33825 [HIGH] Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
## Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed.
The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day vulnerabilities affecting multiple Windows components, including Defender and BitLocker, over the past month, citing a breakdown in Microsoft's handling of
Checkpoint
25th May – Threat Intelligence Report
blogs_checkpoint·2026-05-25
CVE-2026-41091 25th May – Threat Intelligence Report
## 25th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 25th May, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
7-Eleven, the global convenience store chain, confirmed a breach after an unauthorized access to systems used for franchisee documents. ShinyHunters claimed responsibility and said it stole more than 600,000 Salesforce records containing personal and corporate information, with affected individuals offered identity protection serv
Hackernews
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
blogs_hackernews·2026-05-25
CVE-2026-46333 ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
## ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Monday recap. Same mess, new week.
A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago. Good times.
Phishing crews are getting smarter too - less obvious scam junk, more targeted stuff that actually looks real. Meanwhile, botnets are grabbing anything exposed to the internet like it's free candy. The Internet's still a dumpster fire.
Let’s get into
Hackernews
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
blogs_hackernews·2026-05-21·CVSS 7.8
CVE-2026-41091 [HIGH] Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
## Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation flaw and a denial-of-service flaw in Defender have come under active exploitation in the wild.
The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges.
"Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally," Microsoft said in an advisory.
The second vulnerability under exploitation is CVE-2026-45498 (CVSS score:
Published: 2026-05-20
Added to CISA KEV: 2026-05-20
Exploited in the wild