{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-00004c27b886","releaseDate":"2026-06-16T07:00:00-07:00","cveNumber":"CVE-2026-50656","cveTitle":"Microsoft Defender Elevation of Privilege Vulnerability","releaseNumber":"2026-Jun","vulnType":"Security Vulnerability","latestRevisionDate":"2026-06-16T07:00:00-07:00","description":"<p>Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as &quot;RoguePlanet &quot;. We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.</p>\n","cweList":["CWE-59: Improper Link Resolution Before File Access ('Link Following')"],"cweDetailsListForSearch":["cwe: CWE-59: Improper Link Resolution Before File Access ('Link Following')","cweUrl: https://cwe.mitre.org/data/definitions/59.html"],"unformattedDescription":"Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as \"RoguePlanet \". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.","mitreText":"CVE-2026-50656","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-50656","publiclyDisclosed":"Yes","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Defender","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000001,"severity":"Important","impactId":100000002,"impact":"Elevation of Privilege","langCode":"en-US","baseScore":"7.8","temporalScore":"7.6","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-59: Improper Link Resolution Before File Access ('Link Following')","https://cwe.mitre.org/data/definitions/59.html"]}],"articles":[{"title":"Microsoft Defender Elevation of Privilege Vulnerability","articleType":"100000000","description":"<p>Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-50656","version":1,"revisionDate":"2026-06-16T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":true,"notificationSent":true,"sourceId":"b415675e-6b66-f111-93fb-000d3afbc7d7"}]}