CVE-2026-45498
MEDIUM 4 KNOWN EXPLOITEDMicrosoft Defender Denial of Service Vulnerability
ACTIVELY EXPLOITED
Confirmed exploited in the wild — in CISA KEV since 2026-05-20. Patch or mitigate now.
Exploitation likelihood
63.1%chance of exploitation in 30 days · 99th percentile
● In CISA KEV (2026-05-20)
○ Public exploit / PoC
Impact if exploited
4CVSS 3.1 · MEDIUM
- ConfidentialityNone
- IntegrityNone
- AvailabilityLow
What an attacker needs
- ⚠Access: Requires local access to the host
- ✓Privileges: No account or privileges required
- ✓User interaction: No user interaction needed
- ✓Complexity: No special conditions — reliably repeatable
✓ lowers the bar for an attacker · ⚠ raises it
Weakness (CWE)
- CWE-400: Uncontrolled resource consumption
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C