CVE-2026-41091

HIGH

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 5/20/2026Modified: 5/20/2026

Related Intelligence (3)

CRITICALZero Day

Microsoft patches two zero-day flaws in Defender

Microsoft released emergency fixes for two zero-day vulnerabilities in the malware protection components of Microsoft Defender. The flaws allow local attackers to gain system-level privileges or cause the anti-malware service to stop working correctly. Both conditions are valuable in a malware attack, first to prevent detection if the system relies only on Microsoft endpoint protection and second

CVE-2026-41091CVE-2026-45498

4d agoCSO Online

CRITICALVulnerability

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. "Improper link resolution before file access ('link following') in Microsoft Defender

CVE-2026-41091

4d agoThe Hacker News

HIGHVulnerability

CISA KEV: Microsoft Defender — Microsoft Defender Link Following Vulnerability

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.

CVE-2026-41091Microsoft Defender

5d agoCISA KEV

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091Vendor Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41091US Government ResourceThird Party Advisory