CVE-2026-55011
Received Received - Intake

Integer Underflow in Microsoft Defender Leads to Local Code Execution

Vulnerability report for CVE-2026-55011, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft defender *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

Apply the latest security updates provided by Microsoft for Microsoft Defender to address CVE-2026-55011.

  • Visit the Microsoft Security Response Center (MSRC) update guide for CVE-2026-55011 to download and install the patch.
  • Ensure automatic updates for Microsoft Defender are enabled to receive future security fixes.
  • Monitor Microsoft's official communications for any additional mitigation steps or workarounds if a patch is not immediately available.
Executive Summary

CVE-2026-55011 is an integer underflow vulnerability in Microsoft Defender. An integer underflow occurs when a mathematical operation results in a value smaller than the minimum value that can be stored, causing it to wrap around to a very large number. In this case, the flaw allows an unauthorized attacker to execute code locally on the affected system.

The vulnerability is classified as a remote code execution (RCE) issue with a critical severity rating. This means an attacker could potentially take control of the system by exploiting this flaw.

Impact Analysis

If you are using Microsoft Defender, this vulnerability could have several impacts:

  • An attacker could execute arbitrary code on your system with the privileges of the user running Microsoft Defender.
  • The attacker could gain unauthorized access to sensitive data stored on the system.
  • The attacker could install malware, modify system configurations, or perform other malicious actions.

Since the CVSS base score is 7.8 (High), the impact is significant, particularly if the system processes sensitive or critical data.

Compliance Impact

This vulnerability could affect compliance with several standards and regulations, depending on the context of its exploitation:

  • GDPR: If the system processes personal data of EU citizens, a successful exploit could lead to unauthorized access or disclosure of this data. This may result in a data breach, requiring notification to authorities and affected individuals, as well as potential fines.
  • HIPAA: For organizations handling protected health information (PHI), exploitation of this vulnerability could lead to unauthorized access to PHI, violating HIPAA's security and privacy rules. This could result in penalties and mandatory corrective actions.
  • Other standards: Compliance frameworks like ISO 27001, NIST, or PCI DSS require organizations to maintain secure systems. A critical vulnerability like this could indicate a failure to implement adequate security controls, potentially leading to non-compliance.

To maintain compliance, it is essential to apply the necessary patches or mitigations provided by Microsoft to address this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55011. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart