Cyber Resilience

CVE-2026-45498

Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 20 May 2026

Modified: 28 May 2026
KEV Added: 20 May 2026
CVSS Score v3.1: 4.0 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.6308 (99.1th percentile)
Risk Priority: 100 (floored blend · peak EPSS)

Summary

CVE-2026-45498 is a medium-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Microsoft Defender Antimalware Platform. Its CVSS base score is 4.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685). The CVE is ranked in the top 0.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

Microsoft Defender is affected by a denial-of-service vulnerability tracked as CVE-2026-45498. The flaw is an instance of uncontrolled resource consumption (CWE-400). Its CVSS v3.1 base score of 4.0 reflects a local attack vector, low attack complexity, and no privileges or user interaction required. The impact is limited to availability; confidentiality and integrity are untouched.

An unauthenticated local attacker can trigger the condition to degrade or interrupt Microsoft Defender operations on the affected system. Because the vulnerability requires local access, exploitation is typically performed by an adversary who has already obtained code execution or interactive access on the host.

Microsoft has published remediation guidance in its Security Response Center update guide, and the vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, indicating that mitigations and patching instructions are available through official Microsoft channels.

EPSS scores have remained low, with a current value of 0.0355 and a recorded peak of 0.0474.

Vulnerability details

Microsoft Defender Denial of Service Vulnerability

CWE(s): CWE-400
KEV Date Added: 20 May 2026

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1685 Disable or Modify Tools · Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

A DoS vulnerability in Microsoft Defender directly enables impairing or disabling the security tool via resource exhaustion (CWE-400).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33825 · Same product: Microsoft Defender Antimalware Platform · both on KEV
CVE-2025-24991 · Same vendor: Microsoft · both on KEV
CVE-2022-41082 · Same vendor: Microsoft · both on KEV
CVE-2025-21418 · Same vendor: Microsoft · both on KEV
CVE-2025-21218 · Same vendor: Microsoft
CVE-2025-21351 · Same vendor: Microsoft
CVE-2025-21389 · Same vendor: Microsoft
CVE-2025-24983 · Same vendor: Microsoft · both on KEV
CVE-2025-24984 · Same vendor: Microsoft · both on KEV
CVE-2021-31207 · Same vendor: Microsoft · both on KEV

Affected Assets

Vendor: microsoft
Product: defender antimalware platform
Affected versions: ≤ 4.18.26040.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly requires protection against or limitation of denial-of-service effects caused by uncontrolled resource consumption in security functions such as Microsoft Defender.

prevent: Requires allocation of resources by quota or priority to prevent the exact uncontrolled consumption (CWE-400) that produces the DoS condition in Defender.

prevent: Mandates timely flaw remediation and patch application for the published Microsoft update that eliminates the local DoS vulnerability.