Skip to content
You can now search across every topic, entity and event.What's new
RoguePlanet
Technology

RoguePlanet

Researcher-named Windows Defender flaw; CVE assignment, CVSS score, and patch status remain contested.

Last refreshed: 14 July 2026 · Appears in 1 active topic

Key Question

Microsoft just patched RoguePlanet under one CVE number; which of the two was ever correct?

Timeline for RoguePlanet

#109 Jul

Patched via out-of-band Defender update

Cybersecurity: Threats and Defences: Microsoft ends the Nightmare Eclipse run
#817 Jun

Mentioned in: A handle keeps dropping MS zero-days

Cybersecurity: Threats and Defences
#79 Jun

Granted SYSTEM-level access and was patched in the June cycle after active exploitation

Cybersecurity: Threats and Defences: 200 fixes, six zero-days, late Exchange
View full timeline →
Common Questions
Was RoguePlanet the last zero-day from Nightmare Eclipse?
Yes, Microsoft's 9 July 2026 out-of-band patch described RoguePlanet (CVE-2026-50656) as the seventh and final zero-day in the researcher's Chaotic Eclipse disclosure run, closing the series.Source: Lowdown cyber-threats-and-defences coverage
Has the RoguePlanet Windows Defender flaw been patched?
Yes. Microsoft shipped an out-of-band Windows Defender engine update, v1.1.26060.3008, on 9 July 2026, closing RoguePlanet as CVE-2026-50656, the seventh and final zero-day in Nightmare Eclipse's disclosure series.Source: Lowdown cyber-threats-and-defences coverage
Is CVE-2026-47281 the same as RoguePlanet?
That is contested. The June 2026 Patch Tuesday coverage attributed CVE-2026-47281 (CVSS 9.6, actively exploited, fixed June 2026) to RoguePlanet. Nightmare Eclipse's own disclosure describes RoguePlanet as CVE-2026-50656 (CVSS 7.8, unpatched TOCTOU race). Microsoft has not publicly confirmed either CVE assignment for the name.Source: Lowdown cyber-threats-and-defences coverage

Background

Microsoft shipped an out-of-band Windows Defender engine update, v1.1.26060.3008, on 9 July 2026, patching the flaw researcher Nightmare Eclipse calls RoguePlanet and identifying it as CVE-2026-50656. Microsoft describes it as the seventh and final zero-day in the researcher's Chaotic Eclipse disclosure run, closing the series.

The name has carried conflicting technical claims. June's Patch Tuesday coverage attributed an actively exploited, SYSTEM-level flaw, CVE-2026-47281 (CVSS 9.6), to RoguePlanet. Nightmare Eclipse's own June disclosure described RoguePlanet as a TOCTOU race, CVE-2026-50656 (CVSS 7.8), then unpatched. Microsoft's own patch now uses the CVE-2026-50656 number, which sits against the earlier CVE-2026-47281 attribution; Microsoft has not publicly addressed the discrepancy between the two accounts.

RoguePlanet was the last in a run of seven uncoordinated Microsoft zero-day disclosures from Nightmare Eclipse since March 2026, following a dispute over a bug-bounty payment. Readers should treat the exact CVE history as attributed rather than fully reconciled until Microsoft clarifies the record.