Vulnerability intelligence

CVE-2026-41091 is a privilege escalation vulnerability found in Microsoft Defender. The flaw stems from improper link resolution before file access, often referred to as 'link following', within the Microsoft Malware Protection Engine (version 1.1.26030.3008 and earlier). This vulnerability allows an authorized attacker to locally elevate their privileges on an affected system. The issue arises from how Defender processes symbolic links and hard links, enabling attackers to manipulate file system traversal and gain higher-level access. Reports indicate that this vulnerability is already being exploited in the wild.

CVE-2026-45498 is identified as a denial-of-service (DoS) vulnerability affecting the Microsoft Defender Antimalware Platform. This flaw can be exploited to prevent Microsoft Defender from functioning as intended, potentially disrupting its protective capabilities on unpatched Windows devices. Microsoft has acknowledged that this vulnerability has been exploited in the wild, and security patches have been released to address it. The affected versions include Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier.

CVE-2026-9082 is a SQL injection vulnerability found within the database abstraction API of Drupal core. This flaw specifically impacts Drupal websites that utilize PostgreSQL databases. An attacker can exploit this vulnerability by sending specially crafted requests, which can lead to arbitrary SQL injection. Successful exploitation of CVE-2026-9082 can result in information disclosure, and in some cases, privilege escalation or remote code execution. This vulnerability can be exploited by anonymous users. The security updates released for this issue also include fixes for upstream dependencies like Symfony and Twig.

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."

CVE-2026-45498 is identified as a denial-of-service (DoS) vulnerability affecting the Microsoft Defender Antimalware Platform. This flaw can be exploited to prevent Microsoft Defender from functioning as intended, potentially disrupting its protective capabilities on unpatched Windows devices. Microsoft has acknowledged that this vulnerability has been exploited in the wild, and security patches have been released to address it. The affected versions include Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier.

CVE-2026-41091 is a privilege escalation vulnerability found in Microsoft Defender. The flaw stems from improper link resolution before file access, often referred to as 'link following', within the Microsoft Malware Protection Engine (version 1.1.26030.3008 and earlier). This vulnerability allows an authorized attacker to locally elevate their privileges on an affected system. The issue arises from how Defender processes symbolic links and hard links, enabling attackers to manipulate file system traversal and gain higher-level access. Reports indicate that this vulnerability is already being exploited in the wild.