Microsoft Defender vulnerabilities are being exploited in the wild

Two Microsoft Defender vulnerabilities are being actively exploited in the wild. On May 20, 2026, the Cybersecurity and Infrastructure Security Agency CISA added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV catalog. The KEV catalog tracks...

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091 , is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM...

CVE-2026-45584

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network...

CVE-2026-45498

Microsoft Defender Denial of Service Vulnerability...

CVE-2026-41091

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

CVE-2026-45584 Microsoft Defender Remote Code Execution Vulnerability

...

CVE-2026-45584

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network...

EUVD-2026-31105

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network...

CVE-2026-45584

CVE-2026-45584 describes a heap-based buffer overflow in Microsoft Defender that enables remote code execution over a network. The affected product is Microsoft Defender; the root cause is a heap overflow vulnerability, leading to potential arbitrary code execution on exposed systems. The CVSS ve...

CVE-2026-45584 Microsoft Defender Remote Code Execution Vulnerability

...

CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability

...

CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability

...

EUVD-2026-31101

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

CVE-2026-41091

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

CVE-2026-41091

CVE-2026-41091 affects Microsoft Defender. It describes an improper link resolution before file access ("link following") vulnerability that lets an authorized local attacker elevate privileges. Based on the provided metadata, the exploit vector is LOCAL with LOW privileges required, no user inte...

CVE-2026-45498

Technical details are not publicly available in the provided documents for CVE-2026-45498; monitor for updates on affected products, impact, and remediation.

CVE-2026-45498

Microsoft Defender Denial of Service Vulnerability...

EUVD-2026-31102

Microsoft Defender Denial of Service Vulnerability...

CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability

...

CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability

...