Is CVE-2026-33825 exploitable?

Yes — CVE-2026-33825 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2026-33825 a false positive?

No practitioners have marked CVE-2026-33825 a false positive so far (2 verdicts).

How do I remediate CVE-2026-33825?

Practitioners have shared remediation steps for CVE-2026-33825 — see the remediation notes on this page.

CVE-2026-33825

is CVE-2026-33825real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

High · CVSS 7.8EPSS 6.2%CISA KEVCWE-1220

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

NVD only has a brief summary for this one — the community fills in the real-world detail below.

References

NVD MITRE CVE.org CISA KEV

Published Apr 14, 2026

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2026-33825/badge.svg)](https://www.truepositive.app/cve/CVE-2026-33825)

HTML

<a href="https://www.truepositive.app/cve/CVE-2026-33825"><img src="https://www.truepositive.app/cve/CVE-2026-33825/badge.svg" alt="TruePositive verdict for CVE-2026-33825"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts

Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

Pick your verdict — we'll save it right after a quick sign-in.

Community real-world severity: High (High 2) — CVSS base score 7.8

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

0
Field note · Diego RamírezCurated
Microsoft Defender Insufficient Granularity of Access Control Vulnerability — Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally. Listed in the CISA KEV catalog (added 2026-04-22) — confirmed exploited in the wild, not theoretical. FIRST EPSS puts the chance of exploitation in the next 30 days at ~6%. Treat it as real and prioritize remediation over triage.
0
Remediation · Marco FerriCurated
Required action for Microsoft Defender: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. CISA set a federal remediation due date of 2026-05-06. After patching, verify the vulnerable path is no longer reachable before closing the finding.

Same weakness — CWE-1220.

CVE-2021-36934CVSS 7.8KEVEPSS 67%
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute code on a victim system to exploit this vulnerability. After installing this security update, you must manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. Simply installing this security update will not fully mitigate this vulnerability. See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.

CVE-2026-33825

Community ground truth

Field notes & remediation

Related CVEs