CISA KEV: Microsoft Defender — Microsoft Defender Link Following Vulnerability

Wednesday, May 20, 2026 at 12:00 AM UTC·Source: CISA KEV

Updated: Wednesday, May 20, 2026 at 06:00 PM UTC

Executive Summary

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.

Analysis

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally. Added to CISA Known Exploited Vulnerabilities catalog on 2026-05-20. Remediation due: 2026-06-03.

Indicators of Compromise (1)

CVE (1)

CVE-2026-41091

NVD MITRE CVE

Source Attribution

Originally published by CISA KEV on May 20, 2026. Verified by: CISA.

Related Threats

MEDIUMVulnerabilityNEW

Mastercard asks Brazilian payment processors to split Will losses

Mastercard is asking Brazilian payment processors to absorb some of nearly $1 billion in losses connected to the failure of Banco Masters.

Just nowFinextra

MEDIUMVulnerabilityNEW

PowerSchool’s $17.25 Million Settlement Exposes Years of Student Data Tracking

If you ask most people what breach PowerSchool experienced, their first response might be the 2024 hacking incident that affected tens of millions of students. But even before that breach, there was another significant breach involving PowerSchool that began in 2021. Colin Lee and Koji Edmunds report: In early April, many students across the world... Source

31m agoDataBreaches.net

CRITICALVulnerability

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the

CVE-2026-26980

1h agoThe Hacker News