{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33825", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-24T00:52:01.352Z", "datePublished": "2026-04-14T16:57:49.361Z", "dateUpdated": "2026-05-12T17:38:43.822Z"}, "containers": {"cna": {"title": "Microsoft Defender Elevation of Privilege Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:microsoft_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0.0", "versionEndExcluding": "4.18.26030.3011"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Defender Antimalware Platform", "versions": [{"version": "4.0.0.0", "lessThan": "4.18.26030.3011", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-1220: Insufficient Granularity of Access Control", "lang": "en-US", "type": "CWE", "cweId": "CWE-1220"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:43.822Z"}, "references": [{"name": "Microsoft Defender Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"references": [{"url": "https://www.huntress.com/blog/nightmare-eclipse-intrusion", "tags": ["third-party-advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825", "tags": ["government-resource"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T03:55:45.505705Z", "id": "CVE-2026-33825", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-04-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T12:41:44.667Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33825", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-23T03:55:45.505705Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-04-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825"}}}], "references": [{"url": "https://www.huntress.com/blog/nightmare-eclipse-intrusion", "tags": ["third-party-advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:08:59.756Z"}}], "cna": {"title": "Microsoft Defender Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Defender Antimalware Platform", "versions": [{"status": "affected", "version": "4.0.0.0", "lessThan": "4.18.26030.3011", "versionType": "custom"}]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825", "name": "Microsoft Defender Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-1220", "description": "CWE-1220: Insufficient Granularity of Access Control"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:microsoft_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.18.26030.3011", "versionStartIncluding": "4.0.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:43.822Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33825", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:38:43.822Z", "dateReserved": "2026-03-24T00:52:01.352Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:49.361Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:defender_antimalware_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EAD29A5-76E3-454D-A56D-46706F02347F", "versionEndExcluding": "4.18.26030.3011", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-33825", "lastModified": "2026-04-23T17:26:30.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2026-04-14T18:17:35.100", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"], "url": "https://www.huntress.com/blog/nightmare-eclipse-intrusion"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1220"}], "source": "secure@microsoft.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[4.0.0.0,4.18.26030.3011)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "matching", "scores": [{"score": 90.0, "source": "matching"}]}, "original": {"product": "Microsoft Defender Antimalware Platform", "source": "cna", "vendor": "Microsoft"}, "product": "windows_defender_antimalware_platform", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-28T16:26:12.575956+00:00", "value": {"mitigation_remediation": ["Apply the latest Defender update from Microsoft Security Response Center or Windows Update.", "Restrict local accounts to the minimum privileges required for their tasks and disable any unnecessary administrator accounts.", "Enforce least privilege by configuring Defender permissions via Group Policy and auditing any changes to high\u2011privilege accounts."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All installations of Microsoft Defender Antimalware Platform, including Windows Defender, are affected unless they have already applied the security update referenced in the Microsoft Advisory. Developers should verify the Defender version and apply the latest update. The workaround is not specified by Microsoft.", "description_and_impact": "The vulnerability arises from insufficient granularity in Microsoft Defender's access control, enabling an attacker with legitimate local access to elevate privileges to higher levels. This flaw, identified as CWE-1220, can lead to unauthorized execution of actions that require elevated rights, potentially compromising the entire system. The impact is local privilege escalation, permitting the attacker to exploit system resources, modify configuration, or install malware.", "risk_and_exploitability": "The CVSS score of 7.8 marks this as a high impact vulnerability, while an EPSS score of 3% indicates a modest probability of exploitation in the wild. With this vulnerability listed in the CISA Known Exploited Vulnerabilities catalog, security teams should treat it as a confirmed threat. The attack requires an authorized local user and bypasses the platform\u2019s granular access controls, allowing the attacker to elevate privileges. No public vulnerability exploitation string has been publicly disclosed beyond the advisory, but the KEV listing demonstrates that exploitation has already occurred."}}}}, "created": "2026-04-15T15:00:06.170987+00:00", "updated": "2026-04-28T16:30:35.101961+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$windows_defender_antimalware_platform"]}