VYPR
KEV · Published May 2, 2026 · Updated May 17, 2026 · 1 source

CISA Adds Microsoft Defender Vulnerability to KEV Catalog Following Active Exploitation

CISA has added a Microsoft Defender access control vulnerability to its Known Exploited Vulnerabilities catalog following reports of active exploitation.

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2026-33825, a critical vulnerability affecting Microsoft Defender, to its Known Exploited Vulnerabilities (KEV) Catalog [CISA]. This inclusion follows confirmed evidence that the flaw is being actively exploited in the wild by malicious cyber actors [CISA].

The vulnerability is classified as an "Insufficient Granularity of Access Control" issue within Microsoft Defender [CISA]. In practice, this type of flaw allows an attacker to bypass or manipulate security restrictions that should otherwise be enforced by the software. By exploiting this lack of granularity, unauthorized actors may gain elevated access or perform actions that the system's security policies were intended to prevent, effectively undermining the protective capabilities of the Defender suite [CISA].

Because Microsoft Defender is a core security component deployed across a vast number of enterprise and government environments, the potential impact of this vulnerability is significant. The flaw serves as a potent attack vector, potentially enabling threat actors to compromise the integrity of security monitoring and defense mechanisms on affected systems [CISA].

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are now mandated to remediate this vulnerability by the specific due date established by CISA [CISA]. This directive is designed to mitigate the substantial risks posed to federal networks by vulnerabilities that are known to be actively targeted by adversaries [CISA].

While the requirements of BOD 22-01 are legally binding only for FCEB agencies, CISA has issued a strong recommendation for all organizations, regardless of sector, to prioritize the remediation of CVE-2026-33825 [CISA]. The agency advises that integrating the KEV Catalog into standard vulnerability management practices is a critical step in reducing the overall attack surface and defending against active threats [CISA].
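One way to fold the KEV Catalog into vulnerability management, as the recommendation above suggests, is to match scanner findings against the catalog and order them by KEV due date. This is an added example, not code from CISA or the original article; `kev_triage` is a hypothetical helper, and the feed excerpt (laid out with the field names of CISA's KEV JSON feed), host names, the `CVE-0000-*` IDs and every date are constructed placeholders, since the article does not state the due date.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed (cveID, dateAdded, dueDate ...).
# All dates are PLACEHOLDERS: the article does not give the real dateAdded/dueDate.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-33825", "vendorProject": "Microsoft", "product": "Defender",
   "dateAdded": "2099-01-01", "dueDate": "2099-01-22"},
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
   "dateAdded": "2099-01-25", "dueDate": "2099-02-15"}
]}
""")

# Constructed scanner output: (host, CVE id). Scanners differ in casing and padding.
FINDINGS = [
    ("ws-014.example.internal", "CVE-0000-0002"),    # not in KEV
    ("ws-014.example.internal", "cve-2026-33825 "),  # lower case, trailing space
    ("srv-002.example.internal", "CVE-0000-0001"),
    ("srv-002.example.internal", "CVE-2026-33825"),
]

def kev_triage(findings, feed, today):
    """Return KEV-listed findings, earliest due date first, with days remaining."""
    kev = {v["cveID"].upper(): v for v in feed["vulnerabilities"]}
    rows = []
    for host, cve in findings:
        entry = kev.get(cve.strip().upper())
        if entry is None:
            continue  # not known-exploited: leave to normal severity-based handling
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        rows.append({
            "host": host,
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": due,
            "days_left": days_left,
            "overdue": days_left < 0,  # past the KEV due date
        })
    rows.sort(key=lambda r: (r["due"], r["host"]))
    return rows

if __name__ == "__main__":
    for r in kev_triage(FINDINGS, KEV_FEED, date(2099, 1, 25)):
        status = "OVERDUE" if r["overdue"] else f'{r["days_left"]}d left'
        print(f'{r["due"]}  {status:>9}  {r["cve"]:<15} {r["host"]}  ({r["product"]})')
```
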

The addition of this vulnerability to the KEV list highlights the ongoing trend of attackers targeting security software to gain deeper footholds within targeted networks. As CISA continues to monitor the threat landscape, organizations should remain vigilant and ensure that their security software is updated according to vendor guidance to protect against such high-risk exploits [CISA].

Synthesized by Vypr AI