CVE-2026-50656

HIGH · 7.8

hype MIXED · 42 hack

Real CVE, vendor patching urgently, but no PoC, no KEV-listing, no confirmed exploitation.

What: Elevation of privilege in Microsoft Malware Protection Engine (Defender) allowing SYSTEM-level code execution via race condition on fully patched Windows 10/11. CVSS 7.8 (HIGH).

Why it matters: Microsoft acknowledged RoguePlanet on 2026-06-16 and is developing a patch. Not yet KEV-listed; no confirmed public PoC or in-the-wild exploitation reported. Social chatter conflates "zero-day" status with active exploitation—Microsoft's public acknowledgment and imminent patch suggest rapid response to a real vulnerability, but no defender triage signals yet visible.

Where it's seen: Threat intel accounts and security news aggregators amplifying the NVD advisory with speculative claims about bypass capabilities and IOC counts. No technical PoC, no vendor advisory detail beyond Microsoft's statement.

RISK: HIGH — Affects all patched Windows 10/11; SYSTEM-level access possible; patch pending.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/17/2026, 10:59:31 AM

Description

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

CVSS 3.1 breakdown

Exploitability 1.8 · Impact 5.9

vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack vector: Local
Complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Weaknesses

CWE-59

References

Other · 1

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656