Planned Fix

CVE-2026-45498

Denial of Service in Microsoft Defender
Summary

Microsoft Defender Antimalware Platform versions before 4.18.26040.7 have a denial-of-service flaw in the scanning path. A local attacker can place crafted content that the real-time scanner processes, causing the engine to hang or crash and interrupt protection. CISA’s KEV listing indicates the issue is being actively exploited.

Why Planned Fix?

4/6
  • Domain user required (treated as pre-auth on internal network)
  • Internal deployment
  • No user interaction needed
  • Exploitable in default configuration
  • Active exploitation in the wild
  • Not a high impact vulnerability

Exploitation Details

Type: DoS (Denial of Service)
Is exploitable with default configuration? Yes
Is authentication needed? Yes (domain user)
PoC / Exploit: No

Impact

Crash or hang the Defender antimalware engine, causing loss of scanning and monitoring.

Denial of Service
Exploitation Requirements
  • Authentication required (domain user)
Exploitation Process

A local attacker drops or otherwise places crafted content on a Windows system protected by Microsoft Defender. When real-time protection or on-access scanning inspects the malformed input, the antimalware engine fails. Success is observed when Defender becomes unresponsive, logs an engine failure, or stops scanning normally until it is restarted.

Detection Resources

Script Detection: 0
Scanner Detection: 1

Affected Software

Vendor: Microsoft
Product: Microsoft Defender Antimalware Platform
Affected Versions: 4.18.26030.3011 through < 4.18.26040.7

Description

Microsoft Defender is Microsoft’s built-in antimalware and endpoint protection stack for Windows and Windows Server systems.

Deployment: Typically internal | Protocol: Local | Ports:

Affected Component: Core antimalware scanning engine and real-time protection path used during file and content inspection.

Vendor Size: Big

Remediation

Workaround

Not available

Patch

Not available

Update
Upgrade Microsoft Defender Antimalware Platform to version 4.18.26040.7 or later via Microsoft/Windows Update.

msrc.microsoft.com

Threat Intelligence

EPSS Score: 2.3% (probability of exploitation in the next 30 days)
EPSS Percentile: 85% (worse than 85% of all CVEs)
CISA KEV: Listed
Active Exploitation: Active (malwarebytes.com)

Threat Actors

No known threat actors

Detection Rules (1)

KQL:

Event
| where ProviderName == "Microsoft-Windows-Windows Defender" and EventID == 5008
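
An added example, not part of the original advisory and not Microsoft's own tooling: a PowerShell triage function that compares a host's Defender platform version with the affected range listed above and counts event ID 5008 entries in the Defender operational log. The function name, the seven-day look-back window and the output field names are assumptions.

```powershell
# Added example: single-host triage for CVE-2026-45498.
# Test-DefenderPlatformExposure and its output fields are hypothetical names.
function Test-DefenderPlatformExposure {
    [CmdletBinding()]
    param(
        # Look-back window for engine-failure events (assumption: 7 days).
        [int]$Days = 7
    )

    # Affected range as stated on this page: 4.18.26030.3011 through < 4.18.26040.7
    $firstAffected = [version]'4.18.26030.3011'
    $firstFixed    = [version]'4.18.26040.7'

    # Get-MpComputerStatus can fail when the Defender service itself is down,
    # which is worth reporting rather than hiding.
    $status = $null; $platform = $null; $inRange = $null
    try {
        $status   = Get-MpComputerStatus -ErrorAction Stop
        $platform = [version]$status.AMProductVersion
        $inRange  = ($platform -ge $firstAffected -and $platform -lt $firstFixed)
    } catch {
        Write-Warning "Could not query Defender status: $($_.Exception.Message)"
    }

    # Event ID 5008 is the same ID the KQL rule above matches; events come back newest first.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5008
        StartTime = (Get-Date).AddDays(-$Days)
    }
    $failures = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        StatusQueryOk      = [bool]$status
        PlatformVersion    = $platform
        InAffectedRange    = $inRange
        RealTimeProtection = if ($status) { $status.RealTimeProtectionEnabled } else { $null }
        EngineFailureCount = $failures.Count
        LastEngineFailure  = ($failures | Select-Object -First 1).TimeCreated
    }
}

Test-DefenderPlatformExposure
```

A host that reports InAffectedRange as True together with a non-zero EngineFailureCount, or one where the status query itself fails, is the first candidate for the platform update.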

NVD Data

Description Summary

Microsoft Defender Denial of Service Vulnerability

CVSS Base Score: 4.0 (Medium)

CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): Low

CWE: CWE-400 Uncontrolled Resource Consumption
Version From: 4.18.26030.3011
Version Upto: 4.18.26040.7

Affected Software (CPE) (1)

  • cpe:2.3:a:microsoft:defender_antimalware_platform:*:*:*:*:*:*:*:*

Priority History

Planned Fix

Initial analysis