{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33825", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-24T00:52:01.352Z", "datePublished": "2026-04-14T16:57:49.361Z", "dateUpdated": "2026-04-17T16:12:43.534Z"}, "containers": {"cna": {"title": "Microsoft Defender Elevation of Privilege Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:microsoft_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0.0", "versionEndExcluding": "4.18.26030.3011"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Defender Antimalware Platform", "versions": [{"version": "4.0.0.0", "lessThan": "4.18.26030.3011", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-1220: Insufficient Granularity of Access Control", "lang": "en-US", "type": "CWE", "cweId": "CWE-1220"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-17T16:12:43.534Z"}, "references": [{"name": "Microsoft Defender Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33825", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:57:39.686441Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:13:16.762Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33825", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:57:39.686441Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:08:59.756Z"}}], "cna": {"title": "Microsoft Defender Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Defender Antimalware Platform", "versions": [{"status": "affected", "version": "4.0.0.0", "lessThan": "4.18.26030.3011", "versionType": "custom"}]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825", "name": "Microsoft Defender Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-1220", "description": "CWE-1220: Insufficient Granularity of Access Control"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:microsoft_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.18.26030.3011", "versionStartIncluding": "4.0.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-16T14:18:40.279Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33825", "state": "PUBLISHED", "dateUpdated": "2026-04-16T14:18:40.279Z", "dateReserved": "2026-03-24T00:52:01.352Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:49.361Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-33825", "lastModified": "2026-04-17T14:19:21.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:17:35.100", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1220"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[4.0.0.0,4.18.26030.3011)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "matching", "scores": [{"score": 90.0, "source": "matching"}]}, "original": {"product": "Microsoft Defender Antimalware Platform", "source": "cna", "vendor": "Microsoft"}, "product": "windows_defender_antimalware_platform", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T19:54:04.604475+00:00", "value": {"mitigation_remediation": ["Apply the latest Defender update from Microsoft Security Response Center or Windows Update.", "Review and restrict local user permissions to limit unnecessary elevation rights.", "Keep abreast of new advisories from Microsoft and install any subsequent updates promptly."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The affected product is the Microsoft Defender Antimalware Platform. No specific version range is disclosed in the advisories; therefore, all installations of the platform that rely on the existing access control model may be vulnerable until remediation is applied.", "description_and_impact": "Insufficient granularity of access control in Microsoft Defender compromises the principle of least privilege. The flaw, categorized as Access Control Failure (CWE\u20111220), permits an attacker who already has local user access to gain higher privileges within the Defender environment, potentially allowing them to bypass security controls and elevate operational authority.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.8, indicating high severity. Exploit probability data is not provided, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring the attacker to already have some level of authenticated access. Given the potential to execute actions at a higher privilege level, the risk remains significant until a patch is deployed."}}}}, "created": "2026-04-15T15:00:06.170987+00:00", "updated": "2026-04-15T20:45:06.226251+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$windows_defender_antimalware_platform"]}