Description
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.
Published: 2026-06-16
Score: 7.8 High
EPSS: 3.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to gain higher privileges within the Microsoft Malware Protection Engine, the core component of Microsoft Defender. It is identified as a path traversal flaw and mapped to CWE-59, meaning a malicious input can cause the engine to access files or directories outside its intended scope, potentially leading to the execution of arbitrary code or other higher‑privilege actions.

Affected Systems

Affected vendors and Malware Protection Engine, which is the primary component of Microsoft Defender on Windows platforms. No specific version numbers are listed in the CVE data, indicating that the issue may affect all current releases of the engine until a vendor patch is released.

Risk and Exploitability

The CVSS score of 7.8 classifies the vulnerability as high severity, and the EPSS score of 3% indicates a moderate probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the CVE description does not disclose an explicit attack vector, the likely exploitation scenario is local or requires a foothold within the system to exploit the engine’s file handling; remote exploitation is not confirmed. Until a security update is deployed, the risk remains open for any attacker who can deliver malicious input to the Malware Protection Engine.

Generated by OpenCVE AI on June 24, 2026 at 12:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official security update for the Microsoft Malware Protection Engine once Microsoft releases it.
  • Keep Microsoft Defender and all related Microsoft Defender components current through Windows Update or Microsoft Endpoint Manager to ensure the vulnerability is remediated.
  • If a patch is not yet available, restrict execution of untrusted scripts or code that may interact with the Malware Protection Engine and monitor Microsoft advisories for any interim mitigations.

Generated by OpenCVE AI on June 24, 2026 at 12:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.
Title Microsoft Defender Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft malware Protection Engine
Weaknesses CWE-59
CPEs cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft malware Protection Engine
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C'}


Subscriptions

Microsoft Malware Protection Engine
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-07-01T20:14:07.936Z

Reserved: 2026-06-05T14:33:50.831Z

Link: CVE-2026-50656

cve-icon Vulnrichment

Updated: 2026-06-16T18:36:21.914Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:16:59.683

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-50656

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T12:15:05Z

Weaknesses
  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')