CVEFinder.io

CVE-2026-41091

⚠️ high
🔍 Scan for this CVE
Summary

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVSS Score
7.8
High
EPSS Score
5.9
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-21
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.6% of all 328,009 vulnerabilities in our database.

#99,625
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
🔍 Exploitation Status
Active
Exploits detected in the wild
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-20
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-59

📦 Affected Products 1

Vendor Product Status Affected Versions
microsoft malware_protection_engine Affected
> 1.1.26030.3008 < 1.1.26040.8

🔗 References 2

https://msrc.microsoft.com/update-guide/vulnerabilit...
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
Third Party Advisory US Government Resource

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-45584 ⚠️ high 8.1 0.0 Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. 2026-05-20
CVE-2023-33156 🔶 medium 6.3 0.1 Microsoft Defender Elevation of Privilege Vulnerability 2023-07-11
CVE-2023-24860 ⚠️ high 7.5 4.1 Microsoft Defender Denial of Service Vulnerability 2023-04-11
CVE-2023-23389 🔶 medium 6.3 0.1 Microsoft Defender Elevation of Privilege Vulnerability 2023-03-14
CVE-2022-37971 ⚠️ high 7.1 0.3 Microsoft Windows Defender Elevation of Privilege Vulnerability 2022-10-11
CVE-2022-24548 🔶 medium 5.5 4.3 Microsoft Defender Denial of Service Vulnerability 2022-04-15
These CVEs affect the same products