Access Control Vulnerability in Microsoft Defender
CVE-2026-33825
Key Information:
- Vendor: Microsoft
- CVE Published: 14 April 2026
What is CVE-2026-33825?
CVE-2026-33825 is an access control vulnerability found in Microsoft Defender, a prominent security solution designed to protect devices and networks from various threats such as malware, ransomware, and other cyberattacks. This particular weakness arises from insufficient granularity in access control mechanisms within the software, allowing an authorized attacker to escalate their privileges locally. The potential exploitation of this vulnerability can lead to unauthorized changes to system configurations, access to sensitive data, and the capability to execute arbitrary commands, greatly undermining the security posture of organizations employing Microsoft Defender to safeguard their environments.
Potential Impact of CVE-2026-33825
- Privilege Escalation: The vulnerability enables authorized attackers to gain elevated privileges, potentially allowing them to execute harmful actions that standard users cannot perform. This escalation may lead to compromised accounts, abuse of administrative controls, and unauthorized access to sensitive system areas.
- Data Breaches: With heightened privileges, attackers could access confidential data, leading to significant breaches of sensitive information. This risk not only endangers the confidentiality of user and organizational data but may also result in legal repercussions and damage to organizational reputation if sensitive information is disclosed.
- Impact on System Integrity: An attacker exploiting this vulnerability could manipulate critical system processes or configurations, leading to system instability or further vulnerabilities. Such modifications can allow for the installation of persistent malware, creating long-term risks that may be difficult to detect and remediate.
CISA has reported CVE-2026-33825
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-33825 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Microsoft Defender Antimalware Platform 4.0.0.0 < 4.18.26030.3011
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
News Articles
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks.
2 weeks ago
U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog - IT Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to…
2 weeks ago
CISA Adds One Known Exploited Vulnerability to Catalog - IT Security News
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33825: Microsoft Defender Insufficient Granularity of Access Control Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber…
2 weeks ago
Timeline
- 🟡 Public PoC available
- 🦅 CISA Reported
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 📰 First article discovered by IT Security News
- Vulnerability published
- Vulnerability Reserved