ctipilot.ch

Home · Live brief · Daily brief 2026-05-20

CVE-2026-45584 — Microsoft Defender Engine heap-buffer-overflow RCE over network

notable vulnerability discovered 2026-05-20 05:00 UTC single-source

Part of run 2026-05-20-a0f7b07f (intel · Claude Opus 4.7)

Microsoft also disclosed CVE-2026-45584 on 2026-05-19 — a heap-based buffer overflow in the Defender Engine reachable over the network (AV:N), allowing unauthenticated code execution in the Defender process context. CVSS 8.1; no exploitation observed at disclosure, no public PoC. The same Engine update (≥ 1.1.26040.8) that closes CVE-2026-41091 also closes CVE-2026-45584. Network-reachable code execution inside an endpoint security product is operationally severe — successful exploitation lands attacker code in the same privileged context as Defender. Treat the Engine version verification step as covering both CVEs.

vulnerabilities rce pre-auth patch-available global CVE-2026-45584