[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-33825":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-23T10:19:07.713Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":29,"downstream":30,"duplicates":31,"related":32,"reserved_at":9,"published_at":33,"modified_at":34,"state":35,"summary":36,"references_raw":47,"kevs":65,"epss":76,"epss_history":78,"metrics":103,"affected":112},"CVE-2026-33825","Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1220","Insufficient Granularity of Access Control","The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[],{"id":24,"name":25,"techniques":26},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[],[],[],[],[],[],[],"2026-04-14T16:57:49.361Z","2026-04-23T03:55:44.167Z","Modified",{"cisa_kev":37,"cisa_ransomware":38,"cisa_vendor":39,"epss_severity":40,"epss_score":41,"severity":42,"severity_score":43,"severity_version":44,"severity_source":45,"severity_vector":46,"severity_status":35},true,false,"Microsoft","low",0.00062,"high",7.8,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",[48,55,60],{"url":49,"sources":50,"tags":52},"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825",[45,51],"nvd",[53,54],"Vendor Advisory","Patch",{"url":56,"sources":57,"tags":58},"https://www.huntress.com/blog/nightmare-eclipse-intrusion",[45,51],[59],"Third Party Advisory",{"url":61,"sources":62,"tags":63},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825",[45,51],[64],"Government Resource",[66],{"source":67,"vendor":39,"product":68,"date_added":69,"vulnerability_name":70,"short_description":71,"required_action":72,"due_date":73,"known_ransomware_campaign_use":74,"notes":75,"exploitation_type":9},"cisa","Defender","2026-04-22","Microsoft Defender Insufficient Granularity of Access Control Vulnerability","Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-05-06","Unknown","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 ; https://nvd.nist.gov/vuln/detail/CVE-2026-33825",{"date":69,"score":41,"percentile":77},0.19266,[79,83,86,89,92,95,99,102],{"date":80,"score":81,"percentile":82},"2026-04-15",0.0004,0.12202,{"date":84,"score":81,"percentile":85},"2026-04-16",0.12196,{"date":87,"score":81,"percentile":88},"2026-04-17",0.12197,{"date":90,"score":81,"percentile":91},"2026-04-18",0.122,{"date":93,"score":81,"percentile":94},"2026-04-19",0.12172,{"date":96,"score":97,"percentile":98},"2026-04-20",0.00045,0.13679,{"date":100,"score":41,"percentile":101},"2026-04-21",0.19206,{"date":69,"score":41,"percentile":77},[104,109],{"source":45,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":105,"cvss_v4_0":9},{"baseScore":43,"baseSeverity":106,"vectorString":46,"impactScore":107,"exploitabilityScore":108},"HIGH",9.8,4.6,{"source":51,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":110,"cvss_v4_0":9},{"baseScore":43,"baseSeverity":106,"vectorString":111,"impactScore":107,"exploitabilityScore":108},"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[113,124],{"ecosystem":9,"name":114,"vendor":115,"product":116,"cpe_part":117,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":118},"defender antimalware platform","microsoft","defender_antimalware_platform","a",[119],{"version":120,"is_range":37,"range_type":121,"version_start":9,"version_start_type":9,"version_end":122,"version_end_type":123,"fixed_in":9},"lt4.18.26030.3011","cpe","4.18.26030.3011","excluding",{"ecosystem":9,"name":125,"vendor":115,"product":126,"cpe_part":117,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":127},"Microsoft Defender Antimalware Platform","microsoft defender antimalware platform",[128],{"version":129,"is_range":37,"range_type":45,"version_start":130,"version_start_type":131,"version_end":122,"version_end_type":123,"fixed_in":9},">= 4.0.0.0, \u003C 4.18.26030.3011","4.0.0.0","including"]