CVE-2026-45498
Published: 20 May 2026
Summary
CVE-2026-45498 is a medium-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Microsoft Defender Antimalware Platform. Its CVSS base score is 4.0 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685). The CVE ranks in the top 0.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Deeper analysis
Microsoft Defender is affected by a denial-of-service vulnerability tracked as CVE-2026-45498. The flaw is an instance of uncontrolled resource consumption (CWE-400). Its CVSS score of 4.0 reflects a local attack vector, low complexity, and no privileges or user interaction required, with limited impact on availability and none on confidentiality or integrity.
An unauthenticated local attacker can trigger the condition to degrade or interrupt Microsoft Defender operations on the affected system. Because the vulnerability requires local access, exploitation is typically performed by an adversary who has already obtained code execution or interactive access on the host.
Microsoft has published remediation guidance in its Security Response Center update guide, and the vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, indicating that mitigations and patching instructions are available through official Microsoft channels.
EPSS scores have remained low, with a current value of 0.0355 and a recorded peak of 0.0474.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31102
Vulnerability details
Microsoft Defender Denial of Service Vulnerability
- CWE(s)
- KEV Date Added: 20 May 2026
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
DoS vuln in Microsoft Defender directly enables impairing/disabling the security tool via resource exhaustion (CWE-400).
Mitigating Controls (NIST 800-53 r5)
Directly requires protection against or limitation of denial-of-service effects caused by uncontrolled resource consumption in security functions such as Microsoft Defender.
Requires allocation of resources by quota or priority to prevent the exact uncontrolled consumption (CWE-400) that produces the DoS condition in Defender.
Mandates timely flaw remediation and patch application for the published Microsoft update that eliminates the local DoS vulnerability.