CVE-2026-45584

Daily digests

A heap-based buffer overflow in the Microsoft Malware Protection Engine lets an attacker run code over the network without any authentication. Because Defender's engine auto-scans incoming files and network content, a specially crafted payload could trigger this just by being received. No user click needed.

• Daily Digest · May 21, 2026

  Cisco Secure Workload CVSS 10, no auth needed