CVE-2026-41091
Microsoft Defender Elevation of Privilege Vulnerability
Description
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
In plain language
AI Act nowCVE-2026-41091 is a serious Microsoft Defender weakness that can let an attacker gain higher access on your device if they can already run something there; if you use Microsoft Defender, you should act urgently because it is known to be exploited in the wild.
What to do
- Update Microsoft Malware Protection Engine / Microsoft Defender to the latest security update your vendor provides for CVE-2026-41091.
- Check with your IT person (or Microsoft management tools) that endpoints actually installed the Defender/engine update, not just that “updates were pending.”
- Review endpoint security logs for unusual local activity around Defender and privilege changes, and isolate any suspicious device immediately.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-41091 and every CVE in our database. Create a free account — no credit card required.
Create Free Account