Description
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a time‑of‑check time‑of‑use (TOCTOU) race condition that allows an attacker who already has authorized access to Microsoft Defender for Endpoint for Mac to elevate their privileges locally. By exploiting the race, a user with sufficient local access could potentially gain higher system privileges, enabling the execution of arbitrary code or the modification of protected files. This weakness corresponds to CWE‑367 – TOCTOU.

Affected Systems

Microsoft Defender for Endpoint for Mac is the affected product. No specific version information is provided, so all installations of this product are potentially vulnerable until an official update is applied.

Risk and Exploitability

With a CVSS score of 5.5, the vulnerability is rated Medium severity. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, suggesting limited evidence of widespread exploitation. The attack vector is local, requiring an authorized user to trigger the race condition. Once exploited, the attacker can gain elevated privileges on the host, thereby compromising the confidentiality, integrity, and availability of the affected system.

Generated by OpenCVE AI on June 9, 2026 at 20:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Microsoft Defender for Endpoint for Mac update that contains the fix for CVE‑2026‑45647.
  • Configure Defender to run only with the minimum privileges required and ensure that its processes cannot be elevated without explicit administrative authorization.
  • Enable audit logging for privilege changes and regularly review logs for any indications of unexpected elevation or privilege escalation activity.

Generated by OpenCVE AI on June 9, 2026 at 20:13 UTC.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. |
| Title | | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability |
| First Time appeared | | Microsoft; Microsoft defender For Endpoint |
| Weaknesses | | CWE-367 |
| CPEs | | cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:macos:*:* |
| Vendors & Products | | Microsoft; Microsoft defender For Endpoint |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:50:57.282Z

Reserved: 2026-05-12T20:33:35.157Z

Link: CVE-2026-45647

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:31.797

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-45647

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:15:07Z

Weaknesses