Exposures › CVE-2026-41091
Microsoft Defender allows local privilege escalation via link following, enabling unauthorized access to sensitive systems.
This vulnerability allows an authorized attacker to elevate privileges locally through link following, posing a significant risk to DIB organizations relying on Microsoft Defender for endpoint security. The exploitability of this vulnerability could lead to unauthorized access to sensitive systems, potentially compromising data integrity and confidentiality. DIB organizations should immediately patch their systems and review their security controls to mitigate the risk of privilege escalation.
Shame score — A local privilege escalation vulnerability in a widely used security product, though not remote, still poses a significant risk to DIB organizations.
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |