Cyber Posture

CVE-2026-33825

Severity: High · CISA KEV · Active Exploitation

Published: 14 April 2026
Modified: 23 April 2026
KEV Added: see CISA KEV catalog
Patch: see Microsoft update guide
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0485 (89.6th percentile)
Risk Priority: 39 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: AC-6 (Least Privilege) enforces the principle of least privilege, directly countering the local privilege escalation enabled by insufficient access control granularity in Microsoft Defender.

prevent: AC-3 (Access Enforcement) requires systems to enforce approved access authorizations with sufficient granularity to block unauthorized operations and privilege elevation in Microsoft Defender.

prevent: AC-25 (Reference Monitor) implements a tamper-proof reference monitor to enforce granular access control policies, addressing the core insufficient-granularity flaw in Microsoft Defender.

Security Summary [AI-generated]

CVE-2026-33825 is an insufficient granularity of access control vulnerability in Microsoft Defender that enables local privilege escalation. Published on 2026-04-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-1220. The flaw affects Microsoft Defender, where access controls lack the necessary precision to prevent unauthorized operations.

A low-privileged local attacker can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation grants high-impact confidentiality, integrity, and availability consequences, allowing the attacker to elevate privileges on the affected system.

Microsoft's Security Response Center provides an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 detailing patches and mitigations. The vulnerability appears in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825, indicating active exploitation. Additional analysis is available in Huntress's blog post at https://www.huntress.com/blog/nightmare-eclipse-intrusion.

Details

CWE(s): CWE-1220 (Insufficient Granularity of Access Control)
KEV Date Added: see CISA KEV catalog

Affected Products

Microsoft Defender Antimalware Platform, versions ≤ 4.18.26030.3011

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE-2026-33825 is an access control vulnerability in Microsoft Defender enabling local privilege escalation from low privileges, directly facilitating T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
