CVE-2026-41091
Published May 20, 2026
Last updated 24 days ago
AI description
CVE-2026-41091 is a privilege escalation vulnerability found in Microsoft Defender. The flaw stems from improper link resolution before file access, often referred to as 'link following', within the Microsoft Malware Protection Engine (version 1.1.26030.3008 and earlier). This vulnerability allows an authorized attacker to locally elevate their privileges on an affected system. The issue arises from how Defender processes symbolic links and hard links, enabling attackers to manipulate file system traversal and gain higher-level access. Reports indicate that this vulnerability is already being exploited in the wild.
- Description
- Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- malware_protection_engine
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Defender Link Following Vulnerability
- Exploit added on
- May 20, 2026
- Exploit action due
- Jun 3, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-59
- Hype score
- Not currently trending
https://t.co/eED8FsZ8zL Critical actively exploited Vuln. - CVE-2026-41089 – Windows Server Netlogon Privilege Escalation - CVE-2026-41091 – Microsoft Defender Privilege Escalation - CVE-2026-45498 – Microsoft Defender Denial of Service
@Mahendrak29
9 Jun 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Vulnerabilidad crítica de escalada de privilegios en Microsoft Defender (CVE-2026-41091 / CVE-2026-45498) (+MITIGACIÓN) https://t.co/BebWtRlAGy
@newstecnicas
7 Jun 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-41091: 🚨 Microsoft patched two Defender zero-days (CVE-2026-41091 & CVE-2026-45498) — one escalates a low-privileged attacker to SYSTEM level (local exploit, no user interaction needed), the other causes a denial-of-service. Both actively exploited; CISA…
@lyrie_ai
7 Jun 2026
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
11:00 UTC: CVE-2026-41091 disclosed. 🚨 Microsoft warns two Defender vulnerabilities are being actively exploited in the wild. 🔸 C 0day Intel: 🚨 Microsoft warns two Defender vulnerabilities are being actively exploited in
@lyrie_ai
7 Jun 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ ثغرة تصعيد امتيازات في Microsoft Defender تحت استغلال فعلي تمنح المهاجم صلاحيات SYSTEM، أضافتها CISA لقائمة KEV المعرّف : CVE-2026-41091 درجة الخطورة : 7.8 (CVSS) - High الحل : Update
@KasperskyDev
6 Jun 2026
177 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Two Microsoft Defender Zero Days Exploited Wordfence Security News Clip | May 25, 2026 Microsoft rushed out-of-band Defender updates for two zero-days, CVE-2026-41091 and CVE-2026-45498, both confirmed exploited in the wild. Attackers chain BlueHammer or Red Sun for https://t.
@wordfence
5 Jun 2026
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two Microsoft Defender Zero Days Exploited Wordfence Security News Clip | May 25, 2026 Microsoft rushed emergency out-of-band Defender updates for two zero-days - CVE-2026-41091 and CVE-2026-45498 - already exploited in the wild. Attackers combine BlueHammer or Red Sun to gain
@wordfence
5 Jun 2026
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Microsoft Defenderの脆弱性2件が実悪用】 Microsoft DefenderのCVE-2026-41091とCVE-2026-45498について、実悪用が確認されています。 CVE-2026-41091は権限昇格によりSYSTEM権限取得につながる可能性があり、CVE-2026-45498はDefender
@01ra66it
3 Jun 2026
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ استغلال فعّال لثغرتين في Microsoft Defender: CVE-2026-41091 (صلاحيات SYSTEM) و CVE-2026-45498 (DoS) CISA أضافتهما لـ KEV بمهلة 3 يونيو 2026. حدّث Antimalware Platform فوراً. 🔗 المصدر: The Hacker News #C
@azez_alzamil
3 Jun 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/oRe1yxVAe2 Check for updates: Defender vulnerabilities were actively exploited. Microsoft has patched three security vulnerabilities in Defender that organizations should check: CVE-2026-41091, CVE-2026-45584, and CVE-2026-45498. Two of the vulnerabilities have r
@B2bCyber
2 Jun 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Updates prüfen: Defender-Lücken wurden aktiv attackiert https://t.co/0ken7JP267 Microsoft hat drei Sicherheitslücken in Defender geschlossen, die Unternehmen prüfen sollten: Betroffen sind CVE-2026-41091, CVE-2026-45584 und CVE-2026-45498. Zwei der Schwachstellen wurden lau
@B2bCyber
2 Jun 2026
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 #Vulnerabilidad crítica de escalada de privilegios en #Microsoft #Defender (CVE-2026-41091 / CVE-2026-45498) (+MITIGACIÓN) https://t.co/BebWtRlAGy
@newstecnicas
1 Jun 2026
35 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
BREAKING: Reports claim "Nightmare Eclipse" has been removed from GitHub and GitLab. Linked CVEs: • CVE-2026-45585 • CVE-2026-45498 • CVE-2026-41091 No official confirmation from MITRE or Microsoft MSRC. https://t.co/IgJH6qkwXl #CyberSecurity #InfoSec #CVE #MasaudSec #h
@masaudsec
31 May 2026
149 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defender: CVE-2026-41091 und CVE-2026-45498 aktiv ausgenutzt. Sofortiges Patchen erforderlich. #ITSecurity #MicrosoftDefender #CVE https://t.co/V7oIVyXjrI
@wall_your_x
29 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defender vulnerabilities CVE-2026-41091 and CVE-2026-45498 were exploited in the wild. Verify Defender engine and platform versions instead of assuming automatic updates completed. Source: https://t.co/yLbuqR1ENs...
@InfosecDotWatch
28 May 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft исправила 0-day-уязвимости UnDefend и RedSun Разработчики выпустили внеплановые исправления двух 0-day-уязвимостей в Microsoft Defender. Речь идет о багах CVE-2026-41091 и CVE
@XakepRU
26 May 2026
372 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defenderに悪用確認の脆弱性2件、CISAも警告―1週間で3件のMS製品ゼロデイ 2026年5月22日 Microsoftは2026年5月20日にCVE情報を公開し、翌21日に複数のセキュリティメディアがDefenderにおける2件の脆弱性の実環境
@inoritodo
26 May 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Microsoft Defenderの2件のゼロデイが実悪用、CISA KEVにも追加】 Microsoft DefenderのCVE-2026-41091とCVE-2026-45498が、実悪用されたゼロデイとして修正されました。
@01ra66it
26 May 2026
227 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Your clients' Defender just became their attack door. Active exploitation means silence = breach liability for you. Patch CVE-2026-41091 and CVE-2026-45498 in 24h, then tell every client you did. Document it. #mssp #zerodayresponse https://t.co/OV2F4X3Yjw
@bettermssp
25 May 2026
151 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🖥️「Microsoft Defender」に権限昇格やDoS脆弱性 - 悪用を確認:Security NEXT マイクロソフトは、Microsoft Defenderに存在する実際に悪用済みのゼロデイ脆弱性「RedSun (CVE-2026-41091)」および「UnDefend (CVE-2026-45498)」に
@WJf4szkSeHcwQyq
25 May 2026
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Microsoft Defenderのゼロデイ2件が実悪用、KEV追加】 Microsoft Defender関連のCVE-2026-41091とCVE-2026-45498が、攻撃で悪用されています。 CVE-2026-41091はMalware Protection Engineの権限昇格、CVE-2026-45498はDefender Antimalware Platform
@01ra66it
25 May 2026
356 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Microsoft、ゼロデイ 脆弱性のRedSun(CVE-2026-41091)とUnDefend(CVE-2026-45498)の緊急パッチを公開・YellowKey(CVE-2026-45585)は「緩和策のみ」 https://t.co/0SdkLe41S3 #セキュリティ対策Lab #security #securitynews
@securityLab_jp
24 May 2026
152 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Microsoft Defender #ITSecurity patches coming real soon, https://t.co/McjfTmci91 CVE-2026-41091 allows for local privilege elevation (LPE), CVE-2026-45498 can cause a denial-of-service (DoS) state,
@seaarepea
24 May 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defender Zero-Day CVE-2026-41091: CISA Issues Patch Mandate https://t.co/kJSWvW8BzZ #Cyberupdates #Cybertechnews #Cybersecurity
@CyberInsights1
24 May 2026
7 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 #Vulnerabilidad crítica de escalada de privilegios en #Microsoft #Defender (CVE-2026-41091 / CVE-2026-45498) (+MITIGACIÓN) https://t.co/BebWtRm8w6
@newstecnicas
24 May 2026
58 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Microsoft Defenderの2脆弱性が実悪用】 Microsoft DefenderのCVE-2026-41091とCVE-2026-45498について、実悪用が報告されています。 CVE-2026-41091は権限昇格によりSYSTEM権限取得につながる可能性があり、CVE-2026-45498はDoSに関係
@01ra66it
23 May 2026
203 Impressions
0 Retweets
0 Likes
3 Bookmarks
0 Replies
0 Quotes
Two Microsoft Defender flaws are being actively exploited in the wild — CVE-2026-41091 (privilege escalation, CVSS 7.8) and CVE-2026-45498 (DoS). CISA added both to its KEV catalog; federal agencies must patch by June 3. Check your update queue.
@tbuzzdaily
22 May 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow 🌐 cyber[.]netsecops[.]
@NetSecIO
22 May 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft Defender zero‑days actively exploited in the wild. CVE-2026-41091 (CVSS 7.8): Local privilege escalation CVE-2026-45498 (CVSS 4.0): Denial of service → Defender crashes, protection disabled 🔗 https://t.co/R7U3bzdppP #CyberSecurity #CVE202641091 #CVE2026
@ThreatAft
22 May 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2 Defender zero-days chained in live attacks: CVE-2026-45498 kills AV, CVE-2026-41091 escalates to SYSTEM. CISA KEV added May 20. Patch Engine to 1.1.26040.8 now. https://t.co/hi6Gy04edk #CyberSecurity #ZeroDay #Windows #CISA #PatchNow https://t.co/CXWcIL9xvJ
@DecryptionDigst
22 May 2026
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems https://t.co/LVpJTr7xGm Microsoft has confirmed active exploitation of two security vulnerabilities in its security ecosystem, identified as CVE-2026-41091 and CVE-2026-45498, both eval
@f1tym1
22 May 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update Your Security Now: Microsoft Defender elevation of Privilege Vulnerability for CVE-2026-41091 & CVE-2026-45498 and More #Microsoft #Defender #Vulnerability #CVE-2026-41091 https://t.co/RHwE35IXMo
@SudamaSb
22 May 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update Your Security Now: Microsoft Defender elevation of Privilege Vulnerability for CVE-2026-41091 #Microsoft #Defender #Vulnerability #CVE-2026-41091 https://t.co/KQJUjtdSqM
@SudamaSb
22 May 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New! CISA warns of active exploitation of two Microsoft Defender zero-days (CVE-2026-41091, CVE-2026-45498), risking system compromise & DoS. Patching Langflow & Trend Micro Apex One also critical due to active exploits. Protect data now! #Cybersecurity #Vulnerabilities #
@YourAnon_irc
22 May 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
マイクロソフト、Defenderの悪用されたゼロデイを修正(CVE-2026-41091、CVE-2026-45498) | Codebook|Security News https://t.co/FZkk4mZYCU
@ohhara_shiojiri
22 May 2026
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔨マイクロソフト、Defenderの悪用されたゼロデイを修正(CVE-2026-41091、CVE-2026-45498) ⚠️Cisco Secure WorkloadにCVSS 10.0の重大な脆弱性、サイト管理者権限を付与する恐れ(CVE-2026-20223) 〜サイバーアラート5月22日
@MachinaRecord
22 May 2026
167 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-41091、CVE-2026-45498。Microsoft Defenderに2件のゼロデイ。 特権昇格とDoS、すでに悪用。 ↓詳細はリプライで #脆弱性 https://t.co/XJsNy4Idnt
@motch_dev
22 May 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft patches two Defender zero-days (CVE-2026-41091, CVE-2026-45498) actively exploited for privilege escalation and DoS. CISA orders federal agencies to patch by June 3rd. #DFIR_Radar https://t.co/AfAgZSjoIE
@DFIR_Radar
22 May 2026
147 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
【Microsoft Defenderの権限昇格・DoS脆弱性、悪用確認】 Microsoft Defenderで、CVE-2026-41091とCVE-2026-45498の悪用が確認されています。 CVE-2026-41091は、Microsoft Malware Protection
@01ra66it
21 May 2026
552 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
Microsoft says CVE-2026-41091 and CVE-2026-45498 in Defender are actively exploited. One can raise local privileges to SYSTEM, the other causes DoS. Fixed in Defender platform updates. #Microsoft #Defender #CISA https://t.co/dBCj7CXykf
@TweetThreatNews
21 May 2026
226 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defenderの脆弱性が実際に悪用される事例が発生(CVE-2026-41091、CVE-2026-45498) Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) #HelpNetSecurity (May 21) https://t.co/McG2NtTVhC
@foxbook
21 May 2026
218 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MS Defenderの特権昇格(CVE-2026-41091/CVSS 7.8)とDoS(CVE-2026-45498)を悪用。link following不備でSYSTEM奪取可能。Antimalware Platform 1.1.26040.8等で修正、CISAはKEV追加し6/3まで適用要 / Microsoft Warns of Two Actively Exploited Defender Vulnerabiliti
@__su888
21 May 2026
77 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow 🌐 cyber[.]netsecops[.]
@NetSecIO
21 May 2026
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defender CVEs: CVE-2026-41091 (local privilege escalation) and CVE-2026-45498 (denial of service) https://t.co/NMfudKi8qc
@ToolsLib
21 May 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2026-41091 + CVE-2026-45498 | CISA KEV | June 3 Deadline Two Defender zero-days: SYSTEM LPE via symlink + DoS that blinds Defender entirely. Fixed in MMPE 1.1.26040.8. Run Get-MpComputerStatus and verify now. https://t.co/JNC6p8qWJT
@colibrisec
21 May 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) https://t.co/gcpvitkAAM Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to it
@f1tym1
21 May 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 MICROSOFT DEFENDER: Dos zero-days activamente explotados 🔴 CVE-2026-41091 (EoP → SYSTEM) 🔴 CVE-2026-45498 (DoS) ⚠️ CISA los añadió a su catálogo KEV. ¡Parche disponible! #Microsoft #Defender #0Day #CVE #Ciberseguridad https://t.co/A0mWTxJxv0
@esecintelcl
21 May 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-41091 & CVE-2026-45498: Analisis Teknis Link Following LPE dan DoS di Microsoft Defender. #ethicalhackingindonesia #cve #microsoft #windowsdefender #localprevilageescalation https://t.co/FM1XucPCwX
@SavaBenediktus
21 May 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Acaba de confirmarse: Microsoft Defender tiene dos vulnerabilidades explotadas en el mundo real, identificadas como CVE-2026-41091 y CVE-2026-45498. Microsoft Defender es el producto afectado. La vulnerabilidad CVE-2026-41091 permite la elevación de privilegios local. Estas
@BotBauR
21 May 2026
65 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
Vulnerability Alert — Microsoft Defender Microsoft disclosed two actively exploited Defender vulnerabilities now added to CISA’s KEV catalog. • CVE-2026-41091 (CVSS 7.8) — Privilege escalation to SYSTEM • CVE-2026-45498 (CVSS 4.0) — Denial of Service Organizations
@CloneSystemsInc
21 May 2026
65 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1882FA-1447-46F7-A592-142F55820A60",
"versionEndExcluding": "1.1.26040.8",
"versionStartIncluding": "1.1.26030.3008",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]