Skip to main content

Microsoft Defender EUVDEUVD-2026-31102

| CVE-2026-45498 MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2026-05-20 microsoft GHSA-8gp3-pghr-6wxp
4.0
CVSS 3.1 · NVD
Temporal: 3.5
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CIRCL (temporal)
3.5 LOW
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

2
Added to CISA KEV
May 20, 2026 - 17:01 CISA
Analysis Generated
May 20, 2026 - 13:36 vuln.today

DescriptionCVE.org

Microsoft Defender Denial of Service Vulnerability

AnalysisAI

Denial of service in Microsoft Defender Antimalware Platform allows a local, unprivileged attacker to partially degrade availability with low attack complexity and no user interaction required. The CVSS 4.0 score reflects limited impact - confidentiality and integrity are unaffected, and availability impact is rated Low. Vendor patch is available via Microsoft Security Response Center; no public exploit identified at time of analysis and no CISA KEV listing.

Technical ContextAI

The affected product is the Microsoft Defender Antimalware Platform, identified by CPE cpe:2.3:a:microsoft:microsoft_defender_antimalware_platform:*:*:*:*:*:*:*:*. The wildcard version in the CPE indicates no specific version range was bounded in NVD data. No CWE is assigned, so the precise root cause class - whether a resource exhaustion, null dereference, uncontrolled recursion, or similar pattern - cannot be confirmed from available data. The local attack vector (AV:L) suggests the triggering condition involves interaction on the local system, a pattern consistent with antimalware platforms being susceptible to crafted file inputs that cause the scan engine to stall, loop, or terminate abnormally. The combination of PR:N (no privileges) and AV:L indicates that even an unprivileged local account - or a locally-present artifact - can trigger the condition without elevated rights.

RemediationAI

A vendor-released patch is available per the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498. The exact patched platform version is not independently confirmed from the available data - consult the MSRC advisory directly for the specific platform version that resolves this issue. Microsoft Defender typically receives engine and platform updates via Windows Update and Microsoft Update automatically, so ensuring automatic updates are enabled and the latest Antimalware Platform version is deployed is the primary remediation action. If patch deployment is temporarily infeasible, consider monitoring Defender service health for unexpected stops and enabling alerting on security service disruptions as a compensating detective control, noting this does not prevent exploitation but reduces dwell time.

Share

EUVD-2026-31102 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy