THREAT OPS › CVEs › CVE-2026-33825
CVE-2026-33825 — Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
Vulnerability details
- Affected productsDefender
- KEV remediation due2026-05-06
Exploiting threat actors
- Earth LuscaG1006
Related reporting
- RoguePlanet Zero-Day Fixed in Microsoft Defendersocradar_blog
- The April 2026 Security Update Reviewzdi_blog
- Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507)tenable
- June 2026 CVE Landscaperecordedfuture
- April 2026 CVE Landscaperecordedfuture