Microsoft Confirms ‘RoguePlanet’ Defender Zero-Day; Patch in Development

Microsoft has officially acknowledged a critical vulnerability in its Defender antivirus software, known as ‘RoguePlanet,’ and is actively developing a patch to address the issue. This flaw, identified as CVE-2026-50656 with a CVSS score of 7.8, allows attackers to escalate privileges within the system.

The ‘RoguePlanet’ exploit was publicly disclosed by a security researcher operating under the pseudonym Chaotic Eclipse, also known as Nightmare-Eclipse. The researcher described the exploit as a race condition that can grant attackers a shell with SYSTEM-level privileges. Notably, the exploit has demonstrated varying success rates across different machines, achieving 100% reliability on some systems while being less effective on others.

Further testing revealed that the proof-of-concept (PoC) for ‘RoguePlanet’ works regardless of whether real-time protection is enabled, and it may even work when Defender is running in passive mode, though this has not been conclusively tested.

Microsoft has stated that it is aware of the reported vulnerability and is actively investigating its validity and potential impact. The company is committed to providing a high-quality security update to address this issue promptly.

‘RoguePlanet’ is the latest in a series of vulnerabilities in Microsoft Defender disclosed by Chaotic Eclipse. Previous disclosures include ‘BlueHammer’ (CVE-2026-33825), ‘UnDefend’ (CVE-2026-45498), and ‘RedSun’ (CVE-2026-41091), all of which have been patched by Microsoft.

This series of disclosures highlights the ongoing challenges in securing endpoint protection software. The emergence of ‘RoguePlanet’ underscores the importance of timely vulnerability management and the need for organizations to stay vigilant in applying security updates. As Microsoft works on a patch, users are advised to monitor official communications and apply updates as soon as they become available to mitigate potential risks.