Planned Fix

CVE-2026-45498

Denial of Service in Microsoft Defender

Summary

Microsoft Defender's antimalware platform and malware protection engine are affected by a denial-of-service issue in the scanning path. A local, unprivileged attacker can feed crafted input into the engine so that inspection triggers a failure, causing Defender to hang, crash, or otherwise stop providing normal protection. CISA's KEV listing shows the CVE is being actively exploited.

Why Planned Fix?

4/6
Domain user required (treated as pre-auth on internal network)
Internal deployment
No user interaction needed
Exploitable in default configuration
Active exploitation in the wild
Not a high impact vulnerability

Exploitation Details

Type: DoS (Denial of Service)
Is exploitable with default configuration? Yes
Is authentication needed? Yes (domain user)
PoC / Exploit: No
Impact

Crash or hang the Defender antimalware engine, causing loss of scanning and monitoring.

Denial of Service
Exploitation Requirements
  • Authentication required (domain user)
Exploitation Process

An attacker with local access places or otherwise introduces crafted content that Microsoft Defender scans. When the antimalware platform or malware protection engine processes the malformed input, it follows a failing scan path that disrupts execution. Success is seen when the Defender engine becomes unresponsive, crashes, or stops scanning until it restarts or recovers.

Detection Resources
Manual Detection: 0
Script Detection: 0
Scanner Detection: 1

Affected Software

Vendor: Microsoft
Product | Affected Versions
Microsoft Defender Antimalware Platform | 4.18.26030.3011 through < 4.18.26040.7
Microsoft Malware Protection Engine | < 1.1.26040.8
Description

Microsoft Defender is Microsoft’s built-in antimalware and endpoint protection stack for Windows and Windows Server systems.

Deployment: Typically internal | Protocol: Local | Ports:
Affected Component: Antimalware scanning engine / malware protection engine used by Microsoft Defender.

Affected Endpoints (1): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498
Enterprise Usage: Estimated likelihood that this vendor/product is deployed in enterprise environments. AI-generated estimation based on market presence, product type and adoption signals; not exact data.
Vendor Size: Big
Remediation
Workaround

Not available

Patch

Not available

Update
Update Microsoft Defender antimalware platform to 4.18.26040.7 or later; Microsoft also lists Microsoft Malware Protection Engine 1.1.26040.8 or later as fixed.


msrc.microsoft.com
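
A local check of the installed versions against the fixed releases listed above, as an added example (not Microsoft's code and not part of the original page). The function names `Get-VersionState` and `Test-DefenderVersion` are hypothetical; `Get-MpComputerStatus` and its `AMProductVersion` / `AMEngineVersion` properties come from the built-in Defender module, and the sample version strings are constructed.

```powershell
# Classify one version string against a fixed release and an optional
# first-affected release. Thresholds passed in below are the ones on this page.
function Get-VersionState {
    param([string]$Value, [version]$Fixed, [version]$FirstAffected)
    $v = $null
    # TryParse avoids a terminating error on blank or malformed values,
    # e.g. when Defender is not the active AV and the fields come back empty.
    if (-not [version]::TryParse($Value, [ref]$v)) { return 'Unknown' }
    if ($v -ge $Fixed) { return 'Fixed' }
    # Older than the range this page lists as affected: not confirmed either way.
    if ($FirstAffected -and $v -lt $FirstAffected) { return 'BelowListedRange' }
    return 'Affected'
}

# Hypothetical wrapper: evaluates platform and engine versions together.
function Test-DefenderVersion {
    param([string]$PlatformVersion, [string]$EngineVersion)
    [pscustomobject]@{
        PlatformVersion = $PlatformVersion
        PlatformState   = Get-VersionState $PlatformVersion '4.18.26040.7' '4.18.26030.3011'
        EngineVersion   = $EngineVersion
        EngineState     = Get-VersionState $EngineVersion '1.1.26040.8'
    }
}

# Constructed sample values showing the affected, fixed and unparseable cases.
Test-DefenderVersion -PlatformVersion '4.18.26030.3011' -EngineVersion '1.1.26030.2'
Test-DefenderVersion -PlatformVersion '4.18.26040.7'    -EngineVersion '1.1.26040.8'
Test-DefenderVersion -PlatformVersion ''                -EngineVersion 'n/a'

# Live check on the local host, only if the Defender cmdlets are present.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $status = Get-MpComputerStatus
    Test-DefenderVersion -PlatformVersion $status.AMProductVersion `
                         -EngineVersion   $status.AMEngineVersion
}
```

Hosts reporting `Unknown` or `BelowListedRange` need manual review rather than being counted as patched.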
Threat Intelligence
EPSS data unavailable
CISA KEV: Listed
Active Exploitation: Active
cert.ssi.gouv.fr
Threat Actors

No known threat actors

Detection Rules

No detection rules available

NVD Data


Description Summary

Microsoft Defender Denial of Service Vulnerability

CVSS Base Score

4.0
Medium

CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CWE: CWE-400 Uncontrolled Resource Consumption
Version From: 4.18.26030.3011 | Version Upto: 4.18.26040.7

Affected Software (CPE) (1)

  • cpe:2.3:a:microsoft:defender_antimalware_platform:*:*:*:*:*:*:*:*