PatchSiren

CVE-2026-45584 Microsoft CVE debrief

CVE-2026-45584 is a high-severity heap-based buffer overflow in Microsoft’s Malware Protection Engine, associated with Microsoft Defender, that can allow an unauthorized attacker to execute code over the network. NVD lists the issue as AV:N/AC:H/PR:N/UI:N with CWE-122 and a CVSS 3.1 score of 8.1. Microsoft’s advisory is the official vendor reference for remediation guidance.

Vendor: Microsoft
Product: Malware Protection Engine
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-20
Original CVE updated: 2026-05-20
Advisory published: 2026-05-20
Advisory updated: 2026-05-20

Who should care

Security teams, endpoint administrators, and Microsoft environment operators should prioritize this CVE, especially where Microsoft Defender / Malware Protection Engine versions are deployed across large fleets. The network attack vector and lack of required privileges or user interaction make this a high-priority patching item for managed endpoints and security infrastructure.

Technical summary

NVD describes CVE-2026-45584 as a heap-based buffer overflow (CWE-122) in the Microsoft Malware Protection Engine, with the vulnerability reachable over the network. The published CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating potential impact to confidentiality, integrity, and availability. The affected CPE range in NVD is microsoft:malware_protection_engine from version 1.1.26030.3008 up to, but not including, 1.1.26040.8.

Defensive priority

High. This is a network-reachable code-execution issue with no privileges or user interaction required, and the CVSS score is 8.1. Prioritize patching affected Microsoft Malware Protection Engine versions and confirm deployment across endpoint fleets as soon as possible.

Recommended defensive actions

  • Check whether Microsoft Malware Protection Engine versions in your environment fall within the affected range: from 1.1.26030.3008 up to, but not including, 1.1.26040.8.
  • Apply Microsoft’s remediation guidance from the MSRC advisory for CVE-2026-45584 as soon as available in your servicing channel.
  • Prioritize patch deployment on internet-connected, high-value, and broadly deployed endpoints.
  • Verify update completion through asset inventory or endpoint management tooling rather than assuming automatic coverage.
  • Monitor Microsoft security advisories and NVD updates for any follow-up guidance or revised affected-version information.
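
The version check and inventory verification steps above can be scripted. The following is an added example, not code from Microsoft or NVD. It assumes an inventory export with hypothetical columns host and engine_version, and it compares versions numerically because plain string comparison would sort 1.1.26040.10 before 1.1.26040.8.

```python
import csv
import io

# Affected range from the NVD CPE data quoted on this page:
# 1.1.26030.3008 <= version < 1.1.26040.8
FIRST_AFFECTED = (1, 1, 26030, 3008)
FIRST_FIXED = (1, 1, 26040, 8)


def parse_engine_version(text):
    """Return the version as a tuple of ints, or None if it is not four numeric parts."""
    parts = (text or "").strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Classify one engine version string against the affected range."""
    version = parse_engine_version(version_text)
    if version is None:
        return "unknown"       # no usable data: do not count the host as patched
    if version < FIRST_AFFECTED:
        return "below-range"   # older than the range NVD lists; needs manual review
    if version < FIRST_FIXED:
        return "affected"
    return "fixed"


def triage(inventory_csv):
    """Map each status to the list of hosts in that state."""
    report = {"affected": [], "fixed": [], "below-range": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("engine_version"))].append(row["host"])
    return report


# Constructed sample inventory (hostnames, column names and rows are made up).
SAMPLE_INVENTORY = """host,engine_version
ws-001,1.1.26030.3008
ws-002,1.1.26040.8
ws-003,1.1.26040.10
srv-01,1.1.26030.9999
srv-02,
kiosk-7,1.1.26020.4
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown or below-range need a follow-up check, since neither result confirms that the fixed engine version is installed.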

Evidence notes

The CVE record and NVD entry show publication and modification on 2026-05-20. NVD lists the vulnerability as analyzed, with CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and weakness CWE-122. The NVD metadata also includes an affected Microsoft Malware Protection Engine version range of 1.1.26030.3008 to before 1.1.26040.8, and references Microsoft’s MSRC advisory as the vendor mitigation source. The vendor/product mapping provided in the source corpus is based on NVD CPE evidence and carries medium confidence.

Official resources

Publicly disclosed on 2026-05-20, with the NVD/CVE record showing publishedAt 2026-05-20T13:16:37.333Z and modifiedAt 2026-05-20T18:56:32.350Z. Microsoft’s MSRC advisory is linked as the official vendor reference.