KEV · Actively exploited
CVE-2026-33825
HIGH 7.8
KEV
Microsoft Defender Elevation of Privilege Vulnerability
EPSS
7.07%
above median
percentile 91.7%
CISA Known Exploited Vulnerability
- Added to KEV
- 2026-04-22
- Remediation deadline
- 2026-05-06
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Ransomware
- No