Activamente explotadaCVSS 4.0 · MEDIUM
CVE-2026-45498
Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Ver en NVDAnálisis
Microsoft Defender is currently being targeted by active exploits in the wild that allow for a Denial of Service. While the severity score is moderate, its presence on the CISA KEV catalog makes it a priority for anyone managing Windows-based development environments or production servers.
Roles relevantes
WindowsCyberSecurityCloud
Severidad
Puntaje: 4.0(MEDIUM)
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LAV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: NONE
A: LOW
Tipo de falla (CWE):
CWE-400NVD-CWE-noinfoCISA KEV
Agregada al KEV: 2026-05-20
Fecha límite federal: 2026-06-03
Uso conocido en ransomware: Unknown
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
EPSS
Probabilidad de explotación (próx. 30 días): 0.0411 (4.1%)
Percentil: 88.7%
EPSS: 2026-05-26
Afecta
microsoft:defender_antimalware_platformDescripción técnica
Microsoft Defender Denial of Service Vulnerability
Publicada: 20/5/2026, 13:16:36
Última modificación: 26/5/2026, 17:16:47