CVE-2026-45498
published 2026-05-20

CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability

Priority: P276 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
KEV · ITW
CISA Known Exploited Vulnerability (due 2026-06-03)
Exploited in the wild
EPSS: 63.08% (99.1th percentile)
Microsoft Defender Denial of Service Vulnerability

Affected

2 ranges
Vendor     Product                                   Version range               Fixed in
microsoft  defender_antimalware_platform             < 4.18.26040.7              4.18.26040.7
microsoft  microsoft_defender_antimalware_platform   >= 4.0.0.0 < 4.18.26040.7   4.18.26040.7

Detection & IOCs (extracted from sources)

  • CVE-2026-45498 has been actively exploited in the wild following public disclosure; treat any Defender definition update failures on standard-user-accessible systems as potentially malicious.
  • CVE-2026-45498 is part of a cluster of Defender zero-days (BlueHammer CVE-2026-33825, RedSun CVE-2026-41091, UnDefend CVE-2026-45498) disclosed by researcher Chaotic Eclipse (aka Nightmare-Eclipse / GitHub account MSNightmare); monitor for exploit code associated with these aliases.
  • Defender definition update blocking (CVE-2026-45498) may be used as a precursor to follow-on exploitation; correlate Defender update failures with other Defender privilege escalation CVEs (CVE-2026-33825, CVE-2026-41091) in the same timeframe.
  • CISA KEV remediation deadline for CVE-2026-45498 was 2026-06-03; verify all in-scope systems have applied vendor mitigations per BOD 22-01.
  • Exploit code for CVE-2026-45498 (UnDefend) was publicly released and subsequently uploaded to GitLab after GitHub account takedown; the exploit may be accessible via alternative repositories.

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck           7.5    HIGH
cisa                7.5    HIGH