Time-of-check Time-of-use Race Condition in Microsoft Defender for Endpoint
CVE-2026-45647

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Defender For Endpoint For Mac
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-45647?

A race condition vulnerability exists in Microsoft Defender for Endpoint that permits an authorized attacker to exploit the time-of-check time-of-use (TOCTOU) scenario, enabling them to elevate their privileges locally. This flaw affects the way the product validates conditions before allowing actions to be executed, potentially leading to unauthorized access and misuse of system privileges. Organizations using Microsoft Defender for Endpoint should prioritize applying the recommended updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

Microsoft Defender for Endpoint for Mac 101.0.0 < 101.26042.0011

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-45647 Data

JSON