← ExploitWatch
HomeExploited Vulnerabilities

CVE-2026-41091 — Actively Exploited: Defender (Microsoft)

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.

CVE IDCVE-2026-41091
VendorMicrosoft
ProductDefender
Vulnerability nameMicrosoft Defender Link Following Vulnerability
Date added2026-05-20
Remediation due2026-06-03
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionMicrosoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →