vuln disclosure
CVE-2025-26678: Windows Defender Application Control Authentication Bypass VulnerabilityCVE-2025-26678
CVE-2025-26678 is an improper access control vulnerability in Windows Defender Application Control (WDAC) on Windows 10 1809 and other versions. It allows a local attacker to bypass WDAC application whitelisting policies without user interaction or elevated privileges, potentially enabling execution of unauthorized code. This undermines a key endpoint security control, posing high risk to confidentiality, integrity, and availability.