Two actively exploited vulnerabilities affect Microsoft Defender: CVE-2026-41091 (CVSS 7.8 HIGH) is a local privilege escalation flaw in the Malware Protection Engine due to improper link resolution, allowing an attacker to gain SYSTEM privileges, while CVE-2026-45498 (CVSS 4.0 MEDIUM) can cause a denial-of-service condition. CVE-2026-41091 affects Microsoft Malware Protection Engine versions 1.1.26030.3008 through 1.1.26040.7, fixed in version 1.1.26040.8; CVE-2026-45498 affects Microsoft Defender Antimalware Platform versions 4.18.26030.3011 through 4.18.26040.6, fixed in version 4.18.26040.7.
Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware Protection Engine improperly resolving links before accessing files. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted. CVE-2026-45498 can cause a denial-of-service (DoS) state, i.e., it can be used to prevent … More → The post Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) appeared first on Help Net Security .