CVE Catalog

CVE-2026-45647

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

A time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Risk Assessment

An attacker with appropriate permissions can exploit this vulnerability to gain higher privileges, potentially leading to serious security breaches in the system.

Recommendation

It is recommended to update Microsoft Defender for Endpoint to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS