CVE-2026-33825
Microsoft Defender Elevation of Privilege Vulnerability
In short
Microsoft Defender has a flaw in its access controls that lets someone who already has limited access on your computer gain higher-level privileges without authorization. This is dangerous because it allows an attacker to take full control of the system.
Technical detail
An insufficiently granular access control mechanism in Microsoft Defender (CWE-1220, insufficient granularity of access control) lets an authorized local user escalate privileges. Exploitation requires prior local access and valid credentials, but results in complete privilege elevation, impacting system confidentiality, integrity, and availability.
Summary generated and translated by AI from the official description.
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected products
Microsoft · Microsoft Defender Antimalware Platform
Public PoCs found: 1
GitHub: github.com/0xBlackash/CVE-2026-33825 (★ 1)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.