cve detail

CVE-2026-33825

naam

Microsoft Defender Insufficient Granularity of Access Control Vulnerability

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.

KEV

bekend misbruikt

EPSS

4,9%

percentiel

90%

vendor

Microsoft

product

Defender

toegevoegd aan KEV

22 apr 2026

due date

06 mei 2026

ransomware

Unknown

CWE

CWE-1220

EPSS datum

12 mei 2026

aanbevolen actie

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notities

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 ; https://nvd.nist.gov/vuln/detail/CVE-2026-33825