CVE-2026-45498
Analyzed
Published: 20 May 2026, 13:09
Last modified:20 May 2026, 17:12
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.1 (nvd)
EPSS Score
No data
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
20 May 2026, 13:09
Published
Vulnerability first disclosed
20 May 2026, 00:00
Added to CISA KEV
Microsoft Defender Denial of Service Vulnerability
20 May 2026, 17:12
Last Modified
Vulnerability information updated
03 Jun 2026, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Description
Microsoft Defender Denial of Service Vulnerability
CVSS Metrics
- v3.1•MEDIUM•Score: 4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Techniques & Countermeasures
- CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Affected Systems
- microsoft•defender_antimalware_platform
≥ 4.18.26030.3011, < 4.18.26040.7
- microsoft•microsoft defender antimalware platform
-