CVE-2026-41091KEVEXPLOITEDPATCHED

microsoft · microsoft malware protection engine

Microsoft Defender Elevation of Privilege Vulnerability

Description

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Affected Products

Vendor	Product	Versions
microsoft	microsoft malware protection engine	-

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091(vendor-advisory, patch)

Related News (3 articles)

Tier B

CCCS Canada1h ago

Microsoft security advisory (AV26-489)

→ No new info (linked only)

Tier C

VulDB5h ago

CVE-2026-41091 | Microsoft Malware Protection Engine link following

→ No new info (linked only)

Tier B

CERT-FR19h ago

Multiples vulnérabilités dans les produits Microsoft (20 mai 2026)

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091

CWECWE-59

PublishedMay 20, 2026

Last enriched1h agov4

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-33825EXPKEV

Microsoft Defender Elevation of Privilege Vulnerability

Trending: 149

HIGHCVE-2026-42897EXPKEV

Microsoft Exchange Server Spoofing Vulnerability

Trending: 123

HIGHCVE-2026-25187EXPKEV

Winlogon Elevation of Privilege Vulnerability

Trending: 97

MEDIUMCVE-2026-45498EXPKEV

Microsoft Defender Denial of Service Vulnerability

Trending: 91

MEDIUMCVE-2026-45585EXP

Windows BitLocker Security Feature Bypass Vulnerability

Trending: 88

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 20, 2026

Added to CISA KEV

May 20, 2026

Discovered by ZDM

May 20, 2026

Updated: severity

May 20, 2026

Updated: exploitAvailable, tags

May 20, 2026

Updated: affectedVersions, tags

May 20, 2026

Actively Exploited

May 20, 2026

Exploit Available

May 20, 2026

Patch Available

May 20, 2026

Version History

Last enriched 1h ago

v4Tier B1h ago

Added affected versions 1.1.26040.8 and 4.18.26040.7, and included new tag AV26-489.

affectedVersionstags

via CCCS Canada

v3Tier B5h ago

Marked exploit as available and added new tag for CVE-2026-45498.

exploitAvailabletags

via CERT-FR

v2Tier C5h ago

Updated severity to CRITICAL, noted that no exploit is available, and set patchAvailable to null.

severity

via VulDB

v15h ago

Initial creation