Mallory
Severity: High

Remote Code Execution in Microsoft Defender via Heap Buffer Overflow

CVE-2026-45584 is a heap-based buffer overflow in the Microsoft Malware Protection Engine, the scanning engine used by Microsoft Defender. The public description states that the flaw allows an unauthorized attacker to execute code over a network. No further technical detail about the vulnerable component, function, parsing routine, or triggering input is publicly available at the time of writing, so nothing below should be read as describing the specific bug.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. For analysts and engineers who need to decide and keep moving.

Impact

What an attacker gets — and what they’ve been doing with it.

Successful exploitation yields remote code execution inside the Malware Protection Engine. The engine is loaded into the MsMpEng.exe service, which runs as LocalSystem, so code execution there is effectively full control of the host, including the ability to disable or tamper with the security product itself. The CVSS v3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H scores 8.1 (High): network-reachable, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The AC:H component means exploitation depends on conditions the attacker does not fully control (for a heap overflow, typically a particular heap layout), which raises the bar compared with a simple logic flaw but does not make the bug safe to leave unpatched. No in-the-wild exploitation is recorded on this page.

Mitigation

If you can’t patch tonight, do this now.

No vulnerability-specific workaround has been published in the material available here, so the practical mitigation is to make sure the fixed engine actually reaches every host. The engine (mpengine.dll) is updated automatically through the same channel as security intelligence updates and does not require a reboot, so hosts that receive signatures normally will pick up the fix on their own; the hosts that lag are the ones on a misconfigured WSUS or internal update source, or with Defender update traffic blocked. Check the engine build with Get-MpComputerStatus (the AMEngineVersion property) rather than the platform or signature version, because all three are versioned independently.

Where operationally feasible, reduce the untrusted network-supplied content that exposed hosts must scan. Historically, memory-safety bugs in this engine have been triggered simply by the engine scanning an attacker-supplied file, which real-time protection does automatically for anything written to disk; the public description of this CVE does not confirm the trigger, so treat mail gateways, file servers, and other systems that ingest untrusted files from the network as the highest-priority hosts to verify. Do not disable real-time protection as a stopgap: it removes the detection coverage you depend on, and the engine is still invoked by scheduled and on-demand scans.

Remediation

Patch, then assume compromise.

Microsoft delivers fixes for the Malware Protection Engine as a new engine build pushed through the security intelligence update channel, which Windows Update, WSUS, Intune, and Update-MpSignature all serve. The authoritative remediation is therefore the MSRC Update Guide entry for CVE-2026-45584, which lists the first engine version that contains the fix. A host is remediated when the AMEngineVersion reported by Get-MpComputerStatus is at or above that build; the default update cadence usually achieves this within hours to days, but verify rather than assume, and force an update with Update-MpSignature on any host that lags. Because the engine runs as LocalSystem, a host that was exposed while unpatched and shows unexplained MsMpEng.exe crashes (Application Error events for the process in the Application event log, which is what a failed heap-overflow exploitation attempt generally produces) should be treated as a candidate for investigation, not just patching.
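The mitigation and remediation guidance above both come down to one check: is the engine build on each host at or above the fixed build? The following is an added example, not code from the Mallory page, from Microsoft, or from the CVE advisory. It uses the built-in Defender cmdlets Get-MpComputerStatus and Update-MpSignature and the standard Invoke-Command for remote hosts. The parameter $RequiredEngineVersion is a placeholder: the real fixed engine build must be taken from the MSRC Update Guide entry for CVE-2026-45584, and nothing here knows that number. The function names Get-DefenderEngineState and Update-DefenderEngine are hypothetical helpers defined in the script itself.

```powershell
<#
  Added example (not from the Mallory page, Microsoft, or the CVE advisory):
  audit Defender engine state on a set of hosts and flag any host whose
  Malware Protection Engine is older than the build that carries the fix.

  Assumption: $RequiredEngineVersion is a placeholder. Take the fixed engine
  build from the MSRC Update Guide entry for CVE-2026-45584 and pass it in.
  Example: .\Check-DefenderEngine.ps1 -RequiredEngineVersion 1.1.0.0 -ComputerName srv1,srv2 -Remediate
#>
param(
    [Parameter(Mandatory)]
    [version]$RequiredEngineVersion,
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [switch]$Remediate          # pull an engine/signature update on lagging hosts
)

function Get-DefenderEngineState {
    param([string]$Computer, [version]$Required)
    # Get-MpComputerStatus is the built-in Defender cmdlet; run it over WinRM for
    # every host except the local one.
    $status = if ($Computer -ieq $env:COMPUTERNAME) {
        Get-MpComputerStatus
    } else {
        Invoke-Command -ComputerName $Computer -ScriptBlock { Get-MpComputerStatus }
    }
    # Compare as [version], not as a string: "1.1.9.0" sorts after "1.1.10.0" as text.
    $engine = [version]$status.AMEngineVersion
    [pscustomobject]@{
        Computer           = $Computer
        EngineVersion      = $engine                          # mpengine.dll build
        PlatformVersion    = $status.AMProductVersion         # versioned separately
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureAgeDays   = $status.AntivirusSignatureAge
        RealTimeProtection = $status.RealTimeProtectionEnabled
        EngineFixed        = ($engine -ge $Required)
    }
}

function Update-DefenderEngine {
    param([string]$Computer)
    # Engine builds ship through the security intelligence channel, so forcing a
    # signature update is how an engine update is pulled on demand.
    $sb = { Update-MpSignature -UpdateSource MicrosoftUpdateServer -ErrorAction Stop }
    if ($Computer -ieq $env:COMPUTERNAME) { & $sb }
    else { Invoke-Command -ComputerName $Computer -ScriptBlock $sb }
}

$results = foreach ($c in $ComputerName) {
    try {
        $state = Get-DefenderEngineState -Computer $c -Required $RequiredEngineVersion
        if ((-not $state.EngineFixed) -and $Remediate) {
            Update-DefenderEngine -Computer $c
            # Re-read after the update so the report reflects the post-update build.
            $state = Get-DefenderEngineState -Computer $c -Required $RequiredEngineVersion
        }
        $state
    } catch {
        # Unreachable hosts or WinRM failures are reported, not silently skipped:
        # a host you cannot query is a host you cannot call remediated.
        [pscustomobject]@{
            Computer = $c; EngineVersion = $null; EngineFixed = $false
            Error    = $_.Exception.Message
        }
    }
}

$results | Sort-Object EngineFixed, Computer | Format-Table -AutoSize
$lagging = @($results | Where-Object { -not $_.EngineFixed })
Write-Host ("{0} of {1} hosts still below engine {2}" -f $lagging.Count, $results.Count, $RequiredEngineVersion)
# Non-zero exit so a scheduler or pipeline can fail on unremediated hosts.
exit ([int]($lagging.Count -gt 0))
```

The script keys on AMEngineVersion only; the platform (AMProductVersion) and signature versions are reported for context but do not indicate whether the engine fix is present. Hosts that fail the query are counted as not fixed on purpose, so an unreachable server cannot make the fleet look clean.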
PUBLIC EXPLOITS

Exploits

No public exploit code has been observed for this vulnerability at the time of writing. The absence of a public exploit is not a measure of difficulty; the exploitability assessment in the MSRC Update Guide entry is the better signal for prioritisation.

EXPOSURE SURFACE

Affected products & vendors

Vendor-confirmed products and vendors correlated with this vulnerability (open the entry in Mallory for CPE configurations and version ranges):

Vendor                 Product                    Type
Microsoft Corporation  Malware Protection Engine  application

Because the engine is a component embedded in Microsoft Defender Antivirus (and historically in other Microsoft anti-malware products that consume the same engine), exposure is determined by the engine build on each host, not by the Windows release or the Defender platform version.
