
RoguePlanet
Researcher-named Windows Defender flaw; CVE assignment, CVSS score, and patch status remain contested.
Last refreshed: 14 July 2026 · Appears in 1 active topic
Microsoft just patched RoguePlanet under one CVE number; which of the two was ever correct?
Timeline for RoguePlanet
Patched via out-of-band Defender update
Cybersecurity: Threats and Defences: Microsoft ends the Nightmare Eclipse runMentioned in: A handle keeps dropping MS zero-days
Cybersecurity: Threats and DefencesGranted SYSTEM-level access and was patched in the June cycle after active exploitation
Cybersecurity: Threats and Defences: 200 fixes, six zero-days, late ExchangeWas RoguePlanet the last zero-day from Nightmare Eclipse?
Has the RoguePlanet Windows Defender flaw been patched?
Is CVE-2026-47281 the same as RoguePlanet?
Background
Microsoft shipped an out-of-band Windows Defender engine update, v1.1.26060.3008, on 9 July 2026, patching the flaw researcher Nightmare Eclipse calls RoguePlanet and identifying it as CVE-2026-50656. Microsoft describes it as the seventh and final zero-day in the researcher's Chaotic Eclipse disclosure run, closing the series.
The name has carried conflicting technical claims. June's Patch Tuesday coverage attributed an actively exploited, SYSTEM-level flaw, CVE-2026-47281 (CVSS 9.6), to RoguePlanet. Nightmare Eclipse's own June disclosure described RoguePlanet as a TOCTOU race, CVE-2026-50656 (CVSS 7.8), then unpatched. Microsoft's own patch now uses the CVE-2026-50656 number, which sits against the earlier CVE-2026-47281 attribution; Microsoft has not publicly addressed the discrepancy between the two accounts.
RoguePlanet was the last in a run of seven uncoordinated Microsoft zero-day disclosures from Nightmare Eclipse since March 2026, following a dispute over a bug-bounty payment. Readers should treat the exact CVE history as attributed rather than fully reconciled until Microsoft clarifies the record.