What is the severity of CVE-2025-26678?

CVE-2025-26678 has been rated with a high severity due to improper access control in Windows Defender Application Control.

How do I fix CVE-2025-26678?

To fix CVE-2025-26678, apply the relevant patches provided by Microsoft for your affected version of Windows.

CVE-2025-26678 affects Windows 10, Windows 11, and Windows Server 2022 among other versions as specified in the official documentation.

Yes, CVE-2025-26678 can be exploited locally by an unauthorized attacker to bypass security features.

Currently, the best mitigation for CVE-2025-26678 is to apply the latest security updates from Microsoft.

8.4

CWE

284

8/4/2025

12/4/2025

First published: Tue Apr 08 2025(Updated: )

<p>Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.</p>

Credit: secure@microsoft.com

What is the severity of CVE-2025-26678?
CVE-2025-26678 has been rated with a high severity due to improper access control in Windows Defender Application Control.
How do I fix CVE-2025-26678?
To fix CVE-2025-26678, apply the relevant patches provided by Microsoft for your affected version of Windows.
Which versions of Windows are affected by CVE-2025-26678?
CVE-2025-26678 affects Windows 10, Windows 11, and Windows Server 2022 among other versions as specified in the official documentation.
Can CVE-2025-26678 be exploited locally?
Yes, CVE-2025-26678 can be exploited locally by an unauthorized attacker to bypass security features.
Are there any mitigations for CVE-2025-26678?
Currently, the best mitigation for CVE-2025-26678 is to apply the latest security updates from Microsoft.