Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Thursday, May 21, 2026 at 10:55 AM UTC·Source: The Hacker News

Updated: Thursday, May 21, 2026 at 12:00 PM UTC

Executive Summary

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. "Improper link resolution before file access ('link following') in Microsoft Defender

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-41091

NVD MITRE CVE

Source Attribution

Originally published by The Hacker News on May 21, 2026.

Related Threats

MEDIUMVulnerabilityNEW

Mastercard asks Brazilian payment processors to split Will losses

Mastercard is asking Brazilian payment processors to absorb some of nearly $1 billion in losses connected to the failure of Banco Masters.

Just nowFinextra

MEDIUMVulnerabilityNEW

PowerSchool’s $17.25 Million Settlement Exposes Years of Student Data Tracking

If you ask most people what breach PowerSchool experienced, their first response might be the 2024 hacking incident that affected tens of millions of students. But even before that breach, there was another significant breach involving PowerSchool that began in 2021. Colin Lee and Koji Edmunds report: In early April, many students across the world... Source

30m agoDataBreaches.net

CRITICALVulnerability

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the

CVE-2026-26980

1h agoThe Hacker News