CVE-2026-33825: Microsoft Defender Insufficient Granularity of Access

Microsoft Defender Insufficient Granularity of Access Control Vulnerability. Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.

• CISA KEV-listed (remediation due 2026-05-06)
• EPSS 7.9% (92.2% percentile)

Browse the CVE database

Read the full analysis on IntelFusions