COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-41091

CVE-2026-41091

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-05-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-41091
⌖ exploited in the wild shame 45/100 exploited-in-wildprivilege-escalation

Microsoft Defender allows local privilege escalation via link following, enabling unauthorized access to sensitive systems.

This vulnerability allows an authorized attacker to elevate privileges locally through link following, posing a significant risk to DIB organizations relying on Microsoft Defender for endpoint security. The exploitability of this vulnerability could lead to unauthorized access to sensitive systems, potentially compromising data integrity and confidentiality. DIB organizations should immediately patch their systems and review their security controls to mitigate the risk of privilege escalation.

Shame score — A local privilege escalation vulnerability in a widely used security product, though not remote, still poses a significant risk to DIB organizations.

Players implicated

Microsoft · vendorDefender · product

Description

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90