cPanel is a very popular hosting framework that is often difficult to avoid exposing to the internet. The exploit for this weakness gives the attacker root access to cPanel (and from there easy RCE on the underlying system); it is reliable, well documented, and affects all versions of cPanel except the latest patch. Well over a million hosts are exposed. Although cPanel does have automated self-upgrade functionality, it can be turned off, and the window before an upgrade runs (usually up to 24 hours) is long enough for an attacker to have already exploited this weakness. cPanel has provided a script you can use to detect whether a compromise has already occurred, which can be found here.
Vulnerability intelligence
Trending now
CVEs trending on social media within the last 24 hours
Hypemeter current score: Tepid
1. CVE-2026-41091 (published May 20, 2026; hype score 30; severity high 7.8; exploit known; tags: Microsoft Defender)
CVE-2026-41091 is a privilege escalation vulnerability found in Microsoft Defender. The flaw stems from improper link resolution before file access, often referred to as 'link following', within the Microsoft Malware Protection Engine (version 1.1.26030.3008 and earlier). This vulnerability allows an authorized attacker to locally elevate their privileges on an affected system. The issue arises from how Defender processes symbolic links and hard links, enabling attackers to manipulate file system traversal and gain higher-level access. Reports indicate that this vulnerability is already being exploited in the wild.
2. CVE-2026-45498 (published May 20, 2026; hype score 30; severity medium 4.0; exploit known; tags: Microsoft Defender)
CVE-2026-45498 is identified as a denial-of-service (DoS) vulnerability affecting the Microsoft Defender Antimalware Platform. This flaw can be exploited to prevent Microsoft Defender from functioning as intended, potentially disrupting its protective capabilities on unpatched Windows devices. Microsoft has acknowledged that this vulnerability has been exploited in the wild, and security patches have been released to address it. The affected versions include Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier.
3. CVE-2026-43284 (published May 8, 2026; hype score 26; severity high 8.8; tags: Dirty Frag, Container Security, Server, Ubuntu, ESP)
CVE-2026-43284, also known as part of the "Dirty Frag" vulnerability, is a flaw identified in the Linux kernel's xfrm-ESP subsystem. This vulnerability arises from the kernel performing in-place decryption on shared `skb` (socket buffer) fragments. Specifically, when `MSG_SPLICE_PAGES` attaches pages from a pipe directly to an `skb`, the IPv4/IPv6 datagram append paths fail to mark these `skbs` with `SKBFL_SHARED_FRAG` when splicing pages into UDP `skbs`. This oversight causes the ESP input path to decrypt data in place over buffers that are not privately owned by the `skb`, allowing unprivileged processes to retain references to the resulting plaintext. This mechanism effectively provides a write primitive into the page cache. The vulnerability was introduced in January 2017 and is related to a fast path for IPsec ESP receive. It is often discussed in conjunction with CVE-2026-43500, as the combination of these two flaws can be leveraged for local privilege escalation by manipulating the page cache to corrupt privileged files.
Known exploited
Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.
- CVE-2010-0249 (published Jan 15, 2010; severity high 8.8; exploit known; tags: Microsoft Internet Explorer, Windows)
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
- CVE-2026-9082 (published May 20, 2026; severity medium 6.5; tags: Drupal, Drupal Core)
CVE-2026-9082 is a SQL injection vulnerability found within the database abstraction API of Drupal core. This flaw specifically impacts Drupal websites that utilize PostgreSQL databases. An attacker can exploit this vulnerability by sending specially crafted requests, which can lead to arbitrary SQL injection. Successful exploitation of CVE-2026-9082 can result in information disclosure, and in some cases, privilege escalation or remote code execution. This vulnerability can be exploited by anonymous users. The security updates released for this issue also include fixes for upstream dependencies like Symfony and Twig.
- CVE-2026-34926 (published May 21, 2026; severity medium 6.7; exploit known; tags: Apex One, Apex One (on-premise))
CVE-2026-34926 is a directory traversal vulnerability found in the on-premise version of Trend Micro Apex One. This flaw enables a pre-authenticated local attacker to alter a key table on the server. By modifying this table, an attacker can inject malicious code, which is subsequently deployed to agents on affected installations. Exploitation of this vulnerability requires the attacker to have local access to the Apex One Server and already possess administrative credentials for that server. Trend Micro has noted instances of attempted exploitation of this vulnerability in real-world scenarios, leading to its inclusion in CISA's Known Exploited Vulnerabilities catalog.
Insights
Our Security Team's most recent CVE analysis
- CVE-2026-41940 (severity critical 9.3; exploit known; Intruder Insights, updated Apr 30, 2026)
- CVE-2026-1340 (severity critical 9.8; exploit known; Intruder Insights, updated Jan 30, 2026)
This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.
A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check whether their instance has been compromised here, though this is a work in progress.
Note that this is a temporary patch that will be removed by further version updates: if you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in the future that permanently fixes the vulnerability.
This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof-of-concept code is now publicly available, so increased attack activity is expected.
- CVE-2026-1281 (severity critical 9.8; exploit known; Intruder Insights, updated Jan 30, 2026)
This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.
A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check whether their instance has been compromised here, though this is a work in progress.
Note that this is a temporary patch that will be removed by further version updates: if you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in the future that permanently fixes the vulnerability.
This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof-of-concept code is now publicly available, so increased attack activity is expected.