A vulnerability known as RoguePlanet was identified in Microsoft Defender, tracked as CVE-2026-50656. This flaw allows local privilege escalation to the NT AUTHORITYSYSTEM account, requiring an attacker to have local code execution capabilities. It can be exploited through methods such as opening malicious email attachments. The vulnerability is categorized under CWE-59: “Improper Link Resolution Before File Access” and involves a race condition that affects the Defender engine's operations. RoguePlanet was disclosed by security researcher Nightmare-Eclipse on June 10, 2026, and confirmed by various security firms. Microsoft released a fix in version 1.1.26060.3008 of the Microsoft Malware Protection Engine, which should be installed automatically in standard Windows configurations. Users can verify their engine version using PowerShell. The vulnerability affects both Windows 10 and Windows 11 systems with the June 2026 security updates, and disabling real-time protection does not reliably mitigate it.