CVE-2026-41091

Analyzed
Published: 20 May 2026, 13:09
Last modified:19 Jun 2026, 16:13

Vulnerability Summary

Overall Risk (default)
medium
33/100
CVSS Score
7.8 HIGH
v3.1 (cve.org)
EPSS Score
8.37% LOW
8% probability 0.00%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

20 May 2026, 13:09
Published
Vulnerability first disclosed
20 May 2026, 00:00
Added to CISA KEV
Microsoft Defender Link Following Vulnerability
03 Jun 2026, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
19 Jun 2026, 16:13
Last Modified
Vulnerability information updated

Description

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 8.37% Percentile: 94%

Techniques & Countermeasures

  • CWE-59Improper Link Resolution Before File Access ('Link Following')

    The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Systems

  • UnknownMalware Protection Engine

    ≥ 1.1.26030.3008, < 1.1.26040.8

  • microsoftmicrosoft malware protection engine

    - | ≥ 1.1.0.0, < 1.1.26040.8

References (2)