Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Microsoft Defender Denial of Service Vulnerability
Articles & Coverage 1
AnalysisAI
Denial of service in Microsoft Defender Antimalware Platform allows a local, unprivileged attacker to partially degrade availability with low attack complexity and no user interaction required. The CVSS 4.0 score reflects limited impact - confidentiality and integrity are unaffected, and availability impact is rated Low. Vendor patch is available via Microsoft Security Response Center; no public exploit identified at time of analysis and no CISA KEV listing.
Technical ContextAI
The affected product is the Microsoft Defender Antimalware Platform, identified by CPE cpe:2.3:a:microsoft:microsoft_defender_antimalware_platform:*:*:*:*:*:*:*:*. The wildcard version in the CPE indicates no specific version range was bounded in NVD data. No CWE is assigned, so the precise root cause class - whether a resource exhaustion, null dereference, uncontrolled recursion, or similar pattern - cannot be confirmed from available data. The local attack vector (AV:L) suggests the triggering condition involves interaction on the local system, a pattern consistent with antimalware platforms being susceptible to crafted file inputs that cause the scan engine to stall, loop, or terminate abnormally. The combination of PR:N (no privileges) and AV:L indicates that even an unprivileged local account - or a locally-present artifact - can trigger the condition without elevated rights.
RemediationAI
A vendor-released patch is available per the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498. The exact patched platform version is not independently confirmed from the available data - consult the MSRC advisory directly for the specific platform version that resolves this issue. Microsoft Defender typically receives engine and platform updates via Windows Update and Microsoft Update automatically, so ensuring automatic updates are enabled and the latest Antimalware Platform version is deployed is the primary remediation action. If patch deployment is temporarily infeasible, consider monitoring Defender service health for unexpected stops and enabling alerting on security service disruptions as a compensating detective control, noting this does not prevent exploitation but reduces dwell time.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31102
GHSA-8gp3-pghr-6wxp