Microsoft Defender CVE-2026-33825 Local Privilege Escalation
Summary
CISA added CVE-2026-33825 to the Known Exploited Vulnerabilities catalog on April 22, 2026. The vulnerability is an insufficient granularity of access control flaw in Microsoft Defender, affecting versions from 4.0.0.0 up to, but not including, 4.18.26030.3011, that allows a local authorized attacker to elevate privileges. The CVSS 3.1 score is 7.8 (HIGH), exploitation is listed as active with total technical impact, and a vendor patch is available via the Microsoft Update Guide.
“Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.”
What changed
CISA added CVE-2026-33825 to the Known Exploited Vulnerabilities catalog. The vulnerability is an insufficient granularity of access control flaw in Microsoft Defender that allows a local authorized attacker to elevate privileges to SYSTEM level. Affected versions run from 4.0.0.0 up to, but not including, 4.18.26030.3011. The CVSS 3.1 base score is 7.8 (HIGH) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C. Exploitation status is listed as active and not automatable, with total technical impact.
Federal civilian agencies subject to BOD 22-01 must remediate this vulnerability under the KEV remediation requirements. All organizations using Microsoft Defender should verify their deployment version and apply the Microsoft patch via the vendor advisory on msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825. IT security teams should prioritize patching endpoints given the active exploitation status and local privilege escalation risk.
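The version check described above can be run over an exported endpoint inventory. The following is an added example, not code from CISA, Microsoft or GovPing. It assumes each inventory row carries the Defender platform version as a four-part dotted string (for example the AMProductVersion value reported by Get-MpComputerStatus); the host names and versions are constructed.

```python
import re

# Range taken from the CVE record on this page:
# "affected from 4.0.0.0 before 4.18.26030.3011"
AFFECTED_FROM = (4, 0, 0, 0)       # inclusive lower bound
FIXED_IN = (4, 18, 26030, 3011)    # exclusive upper bound (first fixed build)

_VERSION_RE = re.compile(r"\d+(?:\.\d+){3}")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    text = (text or "").strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Map a version string to affected / fixed / out-of-range / unknown."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"           # missing or malformed: needs manual follow-up
    if version >= FIXED_IN:        # numeric tuple compare, not string compare
        return "fixed"
    if version >= AFFECTED_FROM:
        return "affected"
    return "out-of-range"          # below the range the record lists

def triage(inventory):
    """Group (host, version) rows by classification."""
    groups = {"affected": [], "fixed": [], "out-of-range": [], "unknown": []}
    for host, version_text in inventory:
        groups[classify(version_text)].append(host)
    return groups

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("ws-001", "4.18.26030.3011"),  # exactly the fixed build
    ("ws-002", "4.18.26030.3010"),  # one revision below the fix
    ("ws-003", "4.18.9999.1"),      # a string compare would call this fixed
    ("srv-01", "4.18.26040.7"),
    ("srv-02", "n/a"),              # agent did not report a version
    ("kiosk-7", "3.9.0.0"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group have not been shown to be patched and should be re-queried rather than counted as remediated.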
Archived snapshot
Apr 23, 2026: GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Required CVE Record Information
CNA: Microsoft Corporation
Updated: 2026-04-22
Description
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CWE 1 Total
- CWE-1220: Insufficient Granularity of Access Control
CVSS 1 Total
| Score | Severity | Version | Vector String |
| --- | --- | --- | --- |
| 7.8 | HIGH | 3.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Product Status
Versions 1 Total
Default Status: unknown
affected
- affected from 4.0.0.0 before 4.18.26030.3011
References 1 Total
- msrc.microsoft.com: Microsoft Defender Elevation of Privilege Vulnerability (vendor-advisory, patch)
Authorized Data Publishers
CISA-ADP
SSVC and KEV, plus CVSS and CWE if not provided by the CNA.
SSVC 1 Total
| Exploitation | Automatable | Technical Impact | Version | Date Accessed |
| --- | --- | --- | --- | --- |
| active | no | total | 2.0.3 | 2026-04-13 |
KEV 1 Total
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825 (2026-04-22)
Source document text, dates, docket IDs, and authority are extracted directly from CISA.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.