CVE-2026-55012 is a Microsoft Defender Remote Code Execution vulnerability caused by an integer overflow or wraparound. Microsoft rates it CVSS v3.1 base 7.8 (High) with a temporal score of 6.8. The attack vector is local, privileges required are none, user interaction is required, and the impact is high for confidentiality, integrity, and availability. Microsoft says it is not publicly disclosed and not exploited, with exploit code maturity unproven. In enterprise environments, the local vector and required user interaction reduce exposure compared with network-based RCE issues, but it still warrants attention on systems running the affected Microsoft Malware Protection Engine. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Microsoft indicates exploitation less likely; the vector is LOCAL and user interaction is REQUIRED. - Severity for enterprise: High severity by CVSS, but lower enterprise exposure than network-reachable vulnerabilities because exploitation requires local execution and user interaction. - Patch status: available; customer action required. Affected systems: - Microsoft Defender - Microsoft Malware Protection Engine (mpengine.dll) - Microsoft antivirus and antispyware software - Microsoft System Center Endpoint Protection - Microsoft System Center 2012 R2 Endpoint Protection - Microsoft System Center 2012 Endpoint Protection - Microsoft Security Essentials