CVE-2026-45498

medium Microsoft ⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
4.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
4.1%
Exploitation probability in 30 days
Top 11% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
Low
Published: May 20, 2026 (50 days ago)
Last Modified: May 28, 2026
Vendor: Microsoft
Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2026-05-20
Remediation Due: 2026-06-03 (⚠ 37d overdue)

Description

Microsoft Defender Denial of Service Vulnerability

CWE

CWE-400

Affected Products

microsoft defender antimalware platform

References