COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-45498

CVE-2026-45498

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-05-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-45498
⌖ exploited in the wild shame 45/100 exploited-in-wildunpatchedransomware

Microsoft Defender allows denial of service via unspecified vulnerability, impacting DIB systems reliant on endpoint protection.

This DoS vulnerability in Microsoft Defender can disrupt critical security monitoring and endpoint protection services, potentially leaving DIB organizations exposed to unpatched attack surfaces. While not an RCE or zero-day, the active exploitation status and high severity warrant immediate patching to maintain FedRAMP/NIST 800-171 compliance.

Shame score — A DoS vulnerability is less critical than RCE or data breaches but still represents a significant operational risk that compromises security posture.

Players implicated

Microsoft · vendorDefender · product

Description

Microsoft Defender contains an unspecified vulnerability that allows for denial of service.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90