Description
Microsoft Defender Denial of Service Vulnerability
Published: 2026-05-20
Score: 4 Medium
EPSS: n/a
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE identifies a denial of service vulnerability in the Microsoft Defender Antimalware Platform. The description is limited to this statement, without detailing how the vulnerability is triggered. It is inferred that an attacker could exploit the platform to disrupt its operation, causing a loss of protection, but the exact exploitation method is not disclosed.

Affected Systems

The listed vendor/product is Microsoft Defender Antimalware Platform. No specific version details are provided in the CNA data; therefore any installation of this platform on supported Windows configurations might be at risk. Administrators should check which version of Defender is installed and ensure it is current.

Risk and Exploitability

The CVSS score is 4, indicating moderate severity. EPSS is not available, so exploitation likelihood is unknown. The vulnerability is listed in the CISA KEV catalog, signalling that it is actively exploited in the wild, though the exact attack surface is not disclosed. Because the vector is not specified, it is inferred that local or privileged access may be necessary, but this cannot be confirmed. Given the mixed indicators, the overall risk remains moderate but warrants prompt patching.

Generated by OpenCVE AI on May 20, 2026 at 21:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Defender update published by Microsoft via the update guide linked in the advisory.
  • Configure Defender to restrict file scanning of untrusted content, disabling or limiting external drive scans where not needed to reduce exposure to malformed input.
  • Enforce application whitelisting or restrict execution of unverified files that could trigger the flaw, thereby limiting potential abuse.

Generated by OpenCVE AI on May 20, 2026 at 21:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft defender Antimalware Platform
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:microsoft:defender_antimalware_platform:*:*:*:*:*:*:*:*
Vendors & Products Microsoft defender Antimalware Platform

Wed, 20 May 2026 18:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 17:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-05-20T00:00:00+00:00', 'dueDate': '2026-06-03T00:00:00+00:00'}

Wed, 20 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Wed, 20 May 2026 13:15:00 +0000

Type Values Removed Values Added
Description Microsoft Defender Denial of Service Vulnerability
Title Microsoft Defender Denial of Service Vulnerability
First Time appeared Microsoft
Microsoft microsoft Defender
CPEs cpe:2.3:a:microsoft:microsoft_defender:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft microsoft Defender
References
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Defender Antimalware Platform Microsoft Defender
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-20T23:28:38.624Z

Reserved: 2026-05-12T16:07:22.619Z

Link: CVE-2026-45498

cve-icon Vulnrichment

Updated: 2026-05-20T17:11:16.642Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T13:16:36.780

Modified: 2026-05-20T19:05:46.837

Link: CVE-2026-45498

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T21:15:26Z

Weaknesses