CVE-2026-50656
HIGH
CVSS 7.8
No EPSS data
Description
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ".
CVSS details
EPSS
This CVE is not currently listed in the EPSS dataset.
Show JSON
{
"cve": {
"id": "CVE-2026-50656",
"cveTags": [],
"metrics": {
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-50656",
"role": "CISA Coordinator",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"version": "2.0.3",
"timestamp": "2026-06-16T00:00:00+00:00"
}
}
],
"cvssMetricV31": [
{
"type": "Secondary",
"source": "secure@microsoft.com",
"cvssData": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.8,
"attackVector": "LOCAL",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
},
"impactScore": 5.9,
"exploitabilityScore": 1.8
},
{
"type": "Primary",
"source": "nvd@nist.gov",
"cvssData": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7,
"attackVector": "LOCAL",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
},
"impactScore": 5.9,
"exploitabilityScore": 1
}
]
},
"affected": [
{
"source": "secure@microsoft.com",
"affectedData": [
{
"vendor": "Microsoft",
"product": "Microsoft Malware Protection Engine",
"versions": [
{
"status": "affected",
"version": "1.1.0.0",
"lessThan": "1.1.26060.3008",
"versionType": "custom"
}
]
}
]
}
],
"published": "2026-06-16T19:16:59.683",
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656",
"tags": [
"Vendor Advisory"
],
"source": "secure@microsoft.com"
},
{
"url": "https://github.com/MSNightmare/RoguePlanet",
"tags": [
"Product"
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"type": "Secondary",
"source": "secure@microsoft.com",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet "."
}
],
"lastModified": "2026-07-09T00:17:26.607",
"configurations": [
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1CF44512-0B67-4B5F-B271-C8CA45D30DA8"
}
],
"operator": "OR"
}
]
}
],
"sourceIdentifier": "secure@microsoft.com"
}
}