CVE-2026-45498

Microsoft Defender Denial of Service Vulnerability

CVSS 4 MEDIUMEPSS 63.1%● KEVCWE-400

In short

Microsoft Defender can be made to stop working properly when it processes specially crafted files, leaving your computer unprotected. An attacker can exploit this to disable your antivirus temporarily.

Technical detail

A resource exhaustion vulnerability (CWE-400) in Microsoft Defender's file processing engine allows an unauthenticated local attacker to trigger excessive resource consumption through maliciously crafted input files, resulting in denial of service. The attack vector is local file processing, requiring no elevated privileges but direct interaction with the affected component.

Summary generated and translated by AI from the official description.

Microsoft Defender Denial of Service Vulnerability

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C

Affected products

Microsoft · Microsoft Defender Antimalware Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45498