CISA has added CVE‑2026-45498 to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw affects Microsoft Defender and is identified as the Microsoft Defender Denial of Service Vulnerability, which allows an attacker to cause a denial‑of‑service condition.
The vulnerability is an unspecified weakness in Microsoft Defender that can be triggered to disrupt the service’s availability, potentially preventing real‑time protection. It carries a CVSS base score of 4.0, rated MEDIUM, and a security update is already available from Microsoft. No further details about the attack vector, privilege requirements or specific components are disclosed in the advisory.
Because the vulnerability is being actively exploited in the wild, its inclusion in KEV confirms real‑world use. CISA has not linked the flaw to any ransomware campaign, and the known ransomware use remains marked as unknown. Federal civilian executive branch (FCEB) agencies must complete remediation by 3 June 2026.
CISA’s required action is to apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. While the directive binds FCEB agencies, all organisations are advised to assess their exposure to Microsoft Defender and implement the recommended mitigations promptly.
For full technical details, references, and the complete KEV entry, consult the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-45498 and the CISA KEV catalogue.