The 'RoguePlanet' vulnerability (CVE-2026-50656) is an elevation of privilege flaw in the Microsoft Malware Protection Engine component of Microsoft Defender. It is a race condition that enables attackers to execute command prompts with SYSTEM-level privileges on fully patched Windows 10 and Windows 11 systems. The proof-of-concept exploit demonstrates variable success rates depending on the machine but can achieve 100% success on some devices. Microsoft confirmed awareness of the issue and is developing a security update to address it. The vulnerability was disclosed publicly by a security researcher known as Nightmare Eclipse, who has previously leaked multiple Windows zero-days. Microsoft has not yet released a patch for this vulnerability.

Successful exploitation of this vulnerability allows an attacker to elevate privileges to SYSTEM level on affected Windows devices, potentially enabling full control over the system. This could facilitate further malicious activities requiring high-level permissions. However, there are no reports of active exploitation in the wild at this time.

Microsoft is actively working on an official security update to fix this vulnerability. No patch is currently available. Organizations should monitor Microsoft's advisories for the release of the update and apply it promptly once available. Until then, no specific mitigations have been provided by Microsoft. The exploit works regardless of real-time protection settings, so disabling Defender features is not an effective mitigation.