CVE-2026-45584

Published May 20, 2026

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-45584 is identified as a heap-based buffer overflow vulnerability found within Microsoft Defender, specifically impacting the Microsoft Malware Protection Engine. This flaw allows an unauthorized attacker to execute code over a network. The vulnerability stems from improper input validation and memory management, particularly when processing malicious inputs that exceed allocated buffer boundaries in heap memory structures. Exploitation of this weakness can lead to attackers overwriting adjacent memory locations and potentially injecting malicious code that executes with the privileges of the Defender process.

Description
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
malware_protection_engine

Risk scores

CVSS 3.1

Type
Primary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-122

Social media

Hype score
Not currently trending

Configurations

References

Sources include official advisories and independent security research.