TP-EXP-2026-0289 | CVE-2026-45498 | Medium | Active Exploitation | AI Draft

Microsoft Defender Denial of Service Vulnerability (CVE-2026-45498)

CVE: CVE-2026-45498
Platform: Microsoft Defender
Type: Denial of Service
Severity: MEDIUM
Status: Active Exploitation
Zero-Day: Confirmed
Disclosed: May 20, 2026
Patched: January 1, 1970
Researcher: Unknown
CISA KEV: Listed

Severity Assessment

  • Exploitability: 5/10
  • Impact: 5/10
  • Weaponization Risk: 5/10
  • Patch Urgency: 8/10
  • Detection Coverage: 6/10

CVE-2026-45498 is KEV-listed as of 2026-05-20 with a required-action due date of 2026-06-03. The public references score it in different contexts (a secondary score in the Microsoft update guide and a CVSS score in NVD), and KEV inclusion indicates elevated remediation urgency for defenders.

Summary

CVE-2026-45498 is documented as a Microsoft Defender denial-of-service vulnerability. The CISA KEV entry places it on federal remediation timelines and links to the Microsoft and NVD references.

Publicly available references support vulnerability classification and remediation urgency, while detailed exploit-chain internals remain limited in the cited public sources.

Exploit Chain

Stage 1: Vulnerable Component Exposure

A vulnerable Microsoft Defender component is present in affected environments.

Stage 2: Triggering Condition

A crafted input or sequence triggers a denial-of-service condition in the affected component.

Stage 3: Service Availability Impact

Defender functionality may degrade or stop, reducing defensive availability until recovery or patching actions are applied.

Detection Guidance

  • Monitor Defender service stability events and unexpected process/service restarts around security-engine operations.
  • Alert on repeated crash/recovery patterns in Defender-related telemetry.
  • Correlate endpoint availability anomalies with attempted security-control interruption patterns.

Indicators of Compromise

  • Recurrent Defender service interruptions without expected maintenance activity.
  • Event log patterns consistent with repeated service failures tied to Defender components.
  • Host protection gaps following service interruption windows.
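An added example (not from this advisory, Microsoft or CISA) of the repeated crash/recovery check described under Detection Guidance and the first indicator above, written in Python over constructed event records. Service Control Manager event IDs 7031 and 7034 are the standard Windows events for an unexpected service termination; the watched service names, the normalized record layout, the threshold of three failures in 15 minutes and the maintenance window are assumptions, since the cited sources do not name the affected component.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Service Control Manager event IDs for an unexpected service termination.
CRASH_EVENT_IDS = {7031, 7034}
# Assumption: Defender services to watch; the advisory names no component.
WATCHED_SERVICES = {"WinDefend", "WdNisSvc", "Sense"}

# Constructed sample records (time, host, event id, service short name).
SAMPLE_EVENTS = [
    ("2026-05-21T09:00:05", "ws-014", 7031, "WinDefend"),
    ("2026-05-21T09:03:40", "ws-014", 7031, "WinDefend"),
    ("2026-05-21T09:04:10", "ws-022", 7034, "Spooler"),
    ("2026-05-21T09:07:12", "ws-014", 7034, "WinDefend"),
    ("2026-05-21T11:30:00", "ws-031", 7031, "WinDefend"),
    ("2026-05-21T13:45:00", "ws-031", 7031, "WinDefend"),
    ("2026-05-21T02:10:00", "ws-040", 7031, "Sense"),
    ("2026-05-21T02:12:00", "ws-040", 7031, "Sense"),
    ("2026-05-21T02:14:00", "ws-040", 7031, "Sense"),
]
# Constructed maintenance window; failures inside it are expected and skipped.
MAINTENANCE = {"ws-040": [("2026-05-21T02:00:00", "2026-05-21T03:00:00")]}

def in_maintenance(host, when, maintenance):
    return any(datetime.fromisoformat(a) <= when <= datetime.fromisoformat(b)
               for a, b in maintenance.get(host, []))

def find_crash_loops(events, threshold=3, window=timedelta(minutes=15),
                     maintenance=None):
    """Map (host, service) -> (first, last, count) for crash loops."""
    recent = defaultdict(deque)  # crash times still inside the window
    alerts = {}
    for ts, host, event_id, service in sorted(events):
        when = datetime.fromisoformat(ts)
        if event_id not in CRASH_EVENT_IDS or service not in WATCHED_SERVICES:
            continue
        if in_maintenance(host, when, maintenance or {}):
            continue
        times = recent[(host, service)]
        times.append(when)
        while when - times[0] > window:  # drop crashes older than the window
            times.popleft()
        if len(times) >= threshold and (host, service) not in alerts:
            alerts[(host, service)] = (times[0], when, len(times))
    return alerts

if __name__ == "__main__":
    for key, hit in find_crash_loops(SAMPLE_EVENTS, maintenance=MAINTENANCE).items():
        print(key, hit)
```

Real 7031/7034 events carry the service display name in the message, so map it to the short name when normalizing records before this check.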

Disclosure Timeline

2026-05-20 — KEV entry added

CISA added CVE-2026-45498 to the KEV catalog with a required-action due date of 2026-06-03.

2026-05-19 — Vendor advisory reference

Microsoft’s update-guide entry for CVE-2026-45498 is referenced by KEV for remediation guidance.

2026-05-28 — NVD reference accessed

The NVD record for CVE-2026-45498 is available for vulnerability tracking and metadata correlation.

Sources & References