Description
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
Published: 2026-05-20
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a heap-based buffer overflow in Microsoft Defender that permits an unauthorized attacker to execute arbitrary code. The weakness originates from insufficient bounds checking on heap allocations in the Defender engine, which can be triggered by receiving maliciously crafted data over the network. Successful exploitation would allow the attacker to gain control of local processes, potentially compromising confidentiality, integrity, and availability of the affected system.

Affected Systems

Microsoft Malware Protection Engine is affected. No specific product versions are listed, so all deployments of the current Defender engine may be vulnerable until the patch is applied.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity of remote exploitation. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not a current exploit target. The likely attack vector is over a network, inferred from the description that the overflow occurs when processing data received from the network. An attacker would need to deliver crafted input to the vulnerable component, and a successful payload could execute arbitrary code.

Generated by OpenCVE AI on May 20, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security update for Microsoft Defender that addresses CVE-2026‑45584.
  • Reboot the system if required to load the updated Defender binaries.
  • Configure firewall rules or network segmentation to restrict inbound connections to the Defender process, limiting exposure to the vulnerable buffer overflow.

Generated by OpenCVE AI on May 20, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 20 May 2026 13:15:00 +0000

Type Values Removed Values Added
Description Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
Title Microsoft Defender Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft malware Protection Engine
Weaknesses CWE-122
CPEs cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft malware Protection Engine
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Malware Protection Engine
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-21T03:55:25.649Z

Reserved: 2026-05-12T19:55:45.729Z

Link: CVE-2026-45584

cve-icon Vulnrichment

Updated: 2026-05-20T14:49:57.012Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T13:16:37.333

Modified: 2026-05-20T18:56:32.350

Link: CVE-2026-45584

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T14:45:32Z

Weaknesses