CVE-2026-45498
Published May 20, 2026
Last updated 17 days ago
AI description
CVE-2026-45498 is identified as a denial-of-service (DoS) vulnerability affecting the Microsoft Defender Antimalware Platform. This flaw can be exploited to prevent Microsoft Defender from functioning as intended, potentially disrupting its protective capabilities on unpatched Windows devices. Microsoft has acknowledged that this vulnerability has been exploited in the wild, and security patches have been released to address it. The affected versions include Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier.
- Description
- Microsoft Defender Denial of Service Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- defender_antimalware_platform
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Defender Denial of Service Vulnerability
- Exploit added on
- May 20, 2026
- Exploit action due
- Jun 3, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-400
- Hype score
- Not currently trending
🚨 #Alerta: Explotación activa de #vulnerabilidades críticas en #MicrosoftDefender | CVE-2026-4109 | CVE-2026-45498 | https://t.co/O8ZFbTJFjG
@newstecnicas
10 Jun 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/eED8FsZ8zL Critical actively exploited Vuln. - CVE-2026-41089 – Windows Server Netlogon Privilege Escalation - CVE-2026-41091 – Microsoft Defender Privilege Escalation - CVE-2026-45498 – Microsoft Defender Denial of Service
@Mahendrak29
9 Jun 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Alerta: Explotación activa de #vulnerabilidades críticas en Microsoft Defender | CVE-2026-4109 | CVE-2026-45498 | https://t.co/O8ZFbTJFjG
@newstecnicas
8 Jun 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Alerta: #Explotación activa de #vulnerabilidades críticas en Microsoft #Defender | CVE-2026-4109 | CVE-2026-45498 | https://t.co/O8ZFbTJFjG
@newstecnicas
7 Jun 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Vulnerabilidad crítica de escalada de privilegios en Microsoft Defender (CVE-2026-41091 / CVE-2026-45498) (+MITIGACIÓN) https://t.co/BebWtRlAGy
@newstecnicas
7 Jun 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-41091: 🚨 Microsoft patched two Defender zero-days (CVE-2026-41091 & CVE-2026-45498) — one escalates a low-privileged attacker to SYSTEM level (local exploit, no user interaction needed), the other causes a denial-of-service. Both actively exploited; CISA…
@lyrie_ai
7 Jun 2026
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 #Alerta: Explotación activa de #vulnerabilidades críticas en #MicrosoftDefender | CVE-2026-4109 | CVE-2026-45498 | https://t.co/O8ZFbTJFjG
@newstecnicas
6 Jun 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two Microsoft Defender Zero Days Exploited Wordfence Security News Clip | May 25, 2026 Microsoft rushed out-of-band Defender updates for two zero-days, CVE-2026-41091 and CVE-2026-45498, both confirmed exploited in the wild. Attackers chain BlueHammer or Red Sun for https://t.
@wordfence
5 Jun 2026
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two Microsoft Defender Zero Days Exploited Wordfence Security News Clip | May 25, 2026 Microsoft rushed emergency out-of-band Defender updates for two zero-days - CVE-2026-41091 and CVE-2026-45498 - already exploited in the wild. Attackers combine BlueHammer or Red Sun to gain
@wordfence
5 Jun 2026
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Microsoft Defenderの脆弱性2件が実悪用】 Microsoft DefenderのCVE-2026-41091とCVE-2026-45498について、実悪用が確認されています。 CVE-2026-41091は権限昇格によりSYSTEM権限取得につながる可能性があり、CVE-2026-45498はDefender
@01ra66it
3 Jun 2026
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ استغلال فعّال لثغرتين في Microsoft Defender: CVE-2026-41091 (صلاحيات SYSTEM) و CVE-2026-45498 (DoS) CISA أضافتهما لـ KEV بمهلة 3 يونيو 2026. حدّث Antimalware Platform فوراً. 🔗 المصدر: The Hacker News #C
@azez_alzamil
3 Jun 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/oRe1yxVAe2 Check for updates: Defender vulnerabilities were actively exploited. Microsoft has patched three security vulnerabilities in Defender that organizations should check: CVE-2026-41091, CVE-2026-45584, and CVE-2026-45498. Two of the vulnerabilities have r
@B2bCyber
2 Jun 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Updates prüfen: Defender-Lücken wurden aktiv attackiert https://t.co/0ken7JP267 Microsoft hat drei Sicherheitslücken in Defender geschlossen, die Unternehmen prüfen sollten: Betroffen sind CVE-2026-41091, CVE-2026-45584 und CVE-2026-45498. Zwei der Schwachstellen wurden lau
@B2bCyber
2 Jun 2026
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 #Vulnerabilidad crítica de escalada de privilegios en #Microsoft #Defender (CVE-2026-41091 / CVE-2026-45498) (+MITIGACIÓN) https://t.co/BebWtRlAGy
@newstecnicas
1 Jun 2026
35 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
BREAKING: Reports claim "Nightmare Eclipse" has been removed from GitHub and GitLab. Linked CVEs: • CVE-2026-45585 • CVE-2026-45498 • CVE-2026-41091 No official confirmation from MITRE or Microsoft MSRC. https://t.co/IgJH6qkwXl #CyberSecurity #InfoSec #CVE #MasaudSec #h
@masaudsec
31 May 2026
149 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defender: CVE-2026-41091 und CVE-2026-45498 aktiv ausgenutzt. Sofortiges Patchen erforderlich. #ITSecurity #MicrosoftDefender #CVE https://t.co/V7oIVyXjrI
@wall_your_x
29 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defender vulnerabilities CVE-2026-41091 and CVE-2026-45498 were exploited in the wild. Verify Defender engine and platform versions instead of assuming automatic updates completed. Source: https://t.co/yLbuqR1ENs...
@InfosecDotWatch
28 May 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
After analyzing 53% of vulnerabilities from past week, CVE-2026-45498 has 27 articles published from different internet sources, no other cve has these many articles. More information here: https://t.co/SyyDujjO8C #vulnerability #CyberSecurity #ThreatIntel #CVE #SecurityAlert
@stooee_
27 May 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft исправила 0-day-уязвимости UnDefend и RedSun Разработчики выпустили внеплановые исправления двух 0-day-уязвимостей в Microsoft Defender. Речь идет о багах CVE-2026-41091 и CVE
@XakepRU
26 May 2026
372 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Microsoft Defenderの2件のゼロデイが実悪用、CISA KEVにも追加】 Microsoft DefenderのCVE-2026-41091とCVE-2026-45498が、実悪用されたゼロデイとして修正されました。
@01ra66it
26 May 2026
227 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Your clients' Defender just became their attack door. Active exploitation means silence = breach liability for you. Patch CVE-2026-41091 and CVE-2026-45498 in 24h, then tell every client you did. Document it. #mssp #zerodayresponse https://t.co/OV2F4X3Yjw
@bettermssp
25 May 2026
151 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🖥️「Microsoft Defender」に権限昇格やDoS脆弱性 - 悪用を確認:Security NEXT マイクロソフトは、Microsoft Defenderに存在する実際に悪用済みのゼロデイ脆弱性「RedSun (CVE-2026-41091)」および「UnDefend (CVE-2026-45498)」に
@WJf4szkSeHcwQyq
25 May 2026
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Microsoft Defenderのゼロデイ2件が実悪用、KEV追加】 Microsoft Defender関連のCVE-2026-41091とCVE-2026-45498が、攻撃で悪用されています。 CVE-2026-41091はMalware Protection Engineの権限昇格、CVE-2026-45498はDefender Antimalware Platform
@01ra66it
25 May 2026
356 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Microsoft、ゼロデイ 脆弱性のRedSun(CVE-2026-41091)とUnDefend(CVE-2026-45498)の緊急パッチを公開・YellowKey(CVE-2026-45585)は「緩和策のみ」 https://t.co/0SdkLe41S3 #セキュリティ対策Lab #security #securitynews
@securityLab_jp
24 May 2026
152 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Microsoft Defender #ITSecurity patches coming real soon, https://t.co/McjfTmci91 CVE-2026-41091 allows for local privilege elevation (LPE), CVE-2026-45498 can cause a denial-of-service (DoS) state,
@seaarepea
24 May 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Vulnerabilidad crítica de escalada de privilegios en #Microsoft #Defender (CVE-2026-41091 / CVE-2026-45498) (+MITIGACIÓN) https://t.co/BebWtRm8w6
@newstecnicas
24 May 2026
58 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟠 #Microsoft Defender, Denial of Service, #CVE-2026-45498 (Medium) https://t.co/UF0o4jer0U
@dailycve
24 May 2026
63 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
【Microsoft Defenderの2脆弱性が実悪用】 Microsoft DefenderのCVE-2026-41091とCVE-2026-45498について、実悪用が報告されています。 CVE-2026-41091は権限昇格によりSYSTEM権限取得につながる可能性があり、CVE-2026-45498はDoSに関係
@01ra66it
23 May 2026
203 Impressions
0 Retweets
0 Likes
3 Bookmarks
0 Replies
0 Quotes
Two Microsoft Defender flaws are being actively exploited in the wild — CVE-2026-41091 (privilege escalation, CVSS 7.8) and CVE-2026-45498 (DoS). CISA added both to its KEV catalog; federal agencies must patch by June 3. Check your update queue.
@tbuzzdaily
22 May 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow 🌐 cyber[.]netsecops[.]
@NetSecIO
22 May 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft Defender zero‑days actively exploited in the wild. CVE-2026-41091 (CVSS 7.8): Local privilege escalation CVE-2026-45498 (CVSS 4.0): Denial of service → Defender crashes, protection disabled 🔗 https://t.co/R7U3bzdppP #CyberSecurity #CVE202641091 #CVE2026
@ThreatAft
22 May 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2 Defender zero-days chained in live attacks: CVE-2026-45498 kills AV, CVE-2026-41091 escalates to SYSTEM. CISA KEV added May 20. Patch Engine to 1.1.26040.8 now. https://t.co/hi6Gy04edk #CyberSecurity #ZeroDay #Windows #CISA #PatchNow https://t.co/CXWcIL9xvJ
@DecryptionDigst
22 May 2026
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems https://t.co/LVpJTr7xGm Microsoft has confirmed active exploitation of two security vulnerabilities in its security ecosystem, identified as CVE-2026-41091 and CVE-2026-45498, both eval
@f1tym1
22 May 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update Your Security Now: Microsoft Defender elevation of Privilege Vulnerability for CVE-2026-41091 & CVE-2026-45498 and More #Microsoft #Defender #Vulnerability #CVE-2026-41091 https://t.co/RHwE35IXMo
@SudamaSb
22 May 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update Your Security Now: Microsoft Defender elevation of Privilege Vulnerability for CVE-2026-45498 #Microsoft #Defender #Vulnerability #CVE-2026-45498 https://t.co/gQArvaXGeJ
@SudamaSb
22 May 2026
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New! CISA warns of active exploitation of two Microsoft Defender zero-days (CVE-2026-41091, CVE-2026-45498), risking system compromise & DoS. Patching Langflow & Trend Micro Apex One also critical due to active exploits. Protect data now! #Cybersecurity #Vulnerabilities #
@YourAnon_irc
22 May 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
マイクロソフト、Defenderの悪用されたゼロデイを修正(CVE-2026-41091、CVE-2026-45498) | Codebook|Security News https://t.co/FZkk4mZYCU
@ohhara_shiojiri
22 May 2026
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔨マイクロソフト、Defenderの悪用されたゼロデイを修正(CVE-2026-41091、CVE-2026-45498) ⚠️Cisco Secure WorkloadにCVSS 10.0の重大な脆弱性、サイト管理者権限を付与する恐れ(CVE-2026-20223) 〜サイバーアラート5月22日
@MachinaRecord
22 May 2026
167 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-41091、CVE-2026-45498。Microsoft Defenderに2件のゼロデイ。 特権昇格とDoS、すでに悪用。 ↓詳細はリプライで #脆弱性 https://t.co/XJsNy4Idnt
@motch_dev
22 May 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft patches two Defender zero-days (CVE-2026-41091, CVE-2026-45498) actively exploited for privilege escalation and DoS. CISA orders federal agencies to patch by June 3rd. #DFIR_Radar https://t.co/AfAgZSjoIE
@DFIR_Radar
22 May 2026
147 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
【Microsoft Defenderの権限昇格・DoS脆弱性、悪用確認】 Microsoft Defenderで、CVE-2026-41091とCVE-2026-45498の悪用が確認されています。 CVE-2026-41091は、Microsoft Malware Protection
@01ra66it
21 May 2026
552 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
Microsoft says CVE-2026-41091 and CVE-2026-45498 in Defender are actively exploited. One can raise local privileges to SYSTEM, the other causes DoS. Fixed in Defender platform updates. #Microsoft #Defender #CISA https://t.co/dBCj7CXykf
@TweetThreatNews
21 May 2026
226 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defenderの脆弱性が実際に悪用される事例が発生(CVE-2026-41091、CVE-2026-45498) Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) #HelpNetSecurity (May 21) https://t.co/McG2NtTVhC
@foxbook
21 May 2026
218 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MS Defenderの特権昇格(CVE-2026-41091/CVSS 7.8)とDoS(CVE-2026-45498)を悪用。link following不備でSYSTEM奪取可能。Antimalware Platform 1.1.26040.8等で修正、CISAはKEV追加し6/3まで適用要 / Microsoft Warns of Two Actively Exploited Defender Vulnerabiliti
@__su888
21 May 2026
77 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow 🌐 cyber[.]netsecops[.]
@NetSecIO
21 May 2026
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defender CVEs: CVE-2026-41091 (local privilege escalation) and CVE-2026-45498 (denial of service) https://t.co/NMfudKi8qc
@ToolsLib
21 May 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2026-41091 + CVE-2026-45498 | CISA KEV | June 3 Deadline Two Defender zero-days: SYSTEM LPE via symlink + DoS that blinds Defender entirely. Fixed in MMPE 1.1.26040.8. Run Get-MpComputerStatus and verify now. https://t.co/JNC6p8qWJT
@colibrisec
21 May 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) https://t.co/gcpvitkAAM Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to it
@f1tym1
21 May 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 MICROSOFT DEFENDER: Dos zero-days activamente explotados 🔴 CVE-2026-41091 (EoP → SYSTEM) 🔴 CVE-2026-45498 (DoS) ⚠️ CISA los añadió a su catálogo KEV. ¡Parche disponible! #Microsoft #Defender #0Day #CVE #Ciberseguridad https://t.co/A0mWTxJxv0
@esecintelcl
21 May 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-41091 & CVE-2026-45498: Analisis Teknis Link Following LPE dan DoS di Microsoft Defender. #ethicalhackingindonesia #cve #microsoft #windowsdefender #localprevilageescalation https://t.co/FM1XucPCwX
@SavaBenediktus
21 May 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_antimalware_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBA2812-3139-4628-9CE5-FB2241242A6C",
"versionEndExcluding": "4.18.26040.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]