Microsoft Defender For Endpoint — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Defender For Endpoint, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2026-21537 — CVSS 8.8 (high): Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code…
CVE-2025-47161 — CVSS 7.8 (high): Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2025-59497 — CVSS 7.0 (high): Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
CVE-2025-26684 — CVSS 6.7 (medium): External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2024-49071 — CVSS 6.5 (medium): Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized…
CVE-2024-43614 — CVSS 5.5 (medium): Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.
CVE-2026-45647 — CVSS 5.5 (medium): Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges…