What is the CVSS score of CVE-2026-33825?

CVE-2026-33825 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Microsoft are affected by CVE-2026-33825?

Microsoft Defender Antimalware Platform versions prior to 4.18.26030.3011 contain a privilege escalation vulnerability that allows authenticated local users to gain system-level access, potentially…. A patch is available.

Is there a public PoC exploit available for CVE-2026-33825?

Yes, a public proof-of-concept exploit is available for CVE-2026-33825. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-33825?

Within 24 hours: Inventory all systems running Microsoft Defender Antimalware Platform and identify current versions via Windows Update or Microsoft Defender management console. Within 7 days: Deploy Microsoft Defender Antimalware Platform version 4.18.26030.3011 or later across all endpoints using WSUS, Intune, or equivalent patch management system. Within 30 days: Verify patch application across 100% of inventory through compliance reporting and conduct access control audit on affected systems.

Microsoft CVE-2026-33825

EUVD-2026-22643 HIGH

Insufficient Granularity of Access Control (CWE-1220)

2026-04-14 microsoft

GHSA-8vp7-4rmv-4868

Information Disclosure Microsoft

7.8

CVSS 3.1 · NVD

Temporal: 7.0

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

ENISA EUVD

CRITICAL

qualitative

CIRCL (temporal)

7.0 HIGH

cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Added to CISA KEV

Apr 23, 2026 - 17:26 cisa

CISA KEV

PoC Detected

Apr 23, 2026 - 17:26 vuln.today

Public exploit code

Government Alert

Apr 23, 2026 - 17:26 cert

Government exploitation alert

Added to CISA KEV

Apr 22, 2026 - 20:02 CISA

Analysis Updated

Apr 17, 2026 - 14:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 17, 2026 - 14:22 vuln.today

cvss_changed

Analysis Generated

Apr 14, 2026 - 19:24 vuln.today

EUVD ID Assigned

Apr 14, 2026 - 17:46 euvd

EUVD-2026-22643

Analysis Generated

Apr 14, 2026 - 17:46 vuln.today

Patch released

Apr 14, 2026 - 17:46 nvd

Patch available

CVE Published

Apr 14, 2026 - 16:57 nvd

HIGH 7.8

DescriptionCVE.org

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Articles & Coverage 1

POC CVE-2026-33825 BlueHammer: Microsoft Defender EoP via TOCTOU Race Condition Apr 22, 2026

AnalysisAI

Privilege escalation in Microsoft Defender Antimalware Platform versions before 4.18.26030.3011 allows authenticated local attackers to gain elevated system privileges through insufficiently granular access controls. CVSS 7.8 (High) reflects local attack vector requiring low privileges. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Gain local user access

Delivery

Launch exploit targeting Defender platform

Exploit

Abuse insufficient access controls

Execution

Execute code with elevated privileges

Persist

Achieve SYSTEM-level access

Impact

Disable security controls

Access

Gain local user access

Delivery

Launch exploit targeting Defender platform

Exploit

Abuse insufficient access controls

Execution

Execute code with elevated privileges

Persist

Achieve SYSTEM-level access

Impact

Disable security controls

Vulnerability AssessmentAI

Exploitation	Attacker must possess valid low-privileged local user credentials on a Windows system running vulnerable Microsoft Defender Antimalware Platform version 4.0.0.0 through 4.18.26030.3010. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Real-world risk assessment reveals moderate-to-high technical severity but limited exploitation likelihood based on multi-source signals. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who has already compromised a standard user account on a Windows system (through phishing, stolen credentials, or other means) executes a malicious script or binary that exploits the insufficient access controls in Microsoft Defender Antimalware Platform. By leveraging the overly permissive access boundaries within Defender's platform components, the attacker manipulates platform resources or injects code into privileged Defender processes to gain SYSTEM-level execution. …
Remediation	Update Microsoft Defender Antimalware Platform to version 4.18.26030.3011 or later, available through Microsoft's automatic update mechanism for the antimalware platform. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running Microsoft Defender Antimalware Platform and identify current versions via Windows Update or Microsoft Defender management console. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33825 vulnerability details – vuln.today

Back

Microsoft CVE-2026-33825

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Articles & Coverage 1

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code