ACCORDING to CISA, the Known Exploited Vulnerabilities Catalog lists CVE-2026-33825 as a Microsoft Defender vulnerability described as having insufficient granularity of access control that could allow an authorised attacker to escalate privileges locally. The entry notes that it is Microsoft Defender, with the associated CWE-1220, and that it is unknown whether it has been used in ransomware campaigns. Date Added is 22 April 2026 and the Due Date is 6 May 2026.
Action recommended includes applying mitigations per vendor instructions, following the BOD 22-01 guidance for cloud services, or discontinuing use of the product if mitigations are unavailable. This KEV entry points to Microsoft’s update guide and NVD for further details.