CVE-2026-41091

Name of the Vulnerable Software and Affected Versions Microsoft Defender (affected versions not specified)

Description Improper link resolution before file access, also known as link following, in the Microsoft Malware Protection Engine allows an authorized attacker to elevate privileges locally to SYSTEM level. Additionally, the Microsoft Defender Antimalware Platform is subject to uncontrolled resource consumption, which could allow an attacker to cause a denial of service. This issue was actively exploited in real-world incidents before patches were released.

Recommendations Update Microsoft Defender immediately. Keep Windows fully patched. Enable multi-factor authentication and the principle of least privilege. Monitor for suspicious privilege escalation activity.