Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Time-of-check time-of-use (toctou) race condition in Microsoft Defender allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft Defender for Endpoint for macOS lets an authenticated local attacker exploit a time-of-check-to-time-of-use race to gain elevated privileges. The flaw (CWE-367) requires winning a timing window between when Defender validates a resource and when it acts on it, yielding high confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, inventory all macOS endpoints running Microsoft Defender for Endpoint to establish baseline deployment scope and identify high-value systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to el
Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44121
GHSA-crrx-464g-pwj8