Microsoft Defender Multiple Vulnerabilities

Release Date: 21 May 2026

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Microsoft Defender. Attacker could exploit some of these vulnerabilities to trigger denial of service condition and elevation of privilege on the targeted system.

 

Note:

CVE-2026-45498 is being exploited in the wild.  Microsoft Defender contains an unspecified vulnerability that allows for denial of service.

CVE-2026-41091 is being exploited in the wild. Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally. 

 

Hence, the risk level is rated as High Risk.

---

Impact

• Denial of Service
• Elevation of Privilege

---

System / Technologies affected

• Microsoft Malware Protection Engine

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498

---

Vulnerability Identifier

• CVE-2026-41091
• CVE-2026-45498

---

Source

• Microsoft
• https://www.cisa.gov/news-events/alerts/2026/05/20/cisa-adds-seven-known-exploited-vulnerabilities-catalog

---

Related Link

• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498
• https://www.cisa.gov/news-events/alerts/2026/05/20/cisa-adds-seven-known-exploited-vulnerabilities-catalog