CVE-2026-33825
Analyzed
Analyzed - Analysis Complete
BaseFortify
Vulnerability report for CVE-2026-33825, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-14
Last updated on: 2026-06-17
Assigner: Microsoft Corporation
Description
Description
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | defender_antimalware_platform | to 4.18.26030.3011 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1220 | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. |