CVE-2026-41091 – Microsoft Defender

CVSS 7.8 IMPORTANT

“A security engine under attack becomes a business risk the moment it falls behind on patches.”

Microsoft released patches for three vulnerabilities impacting the Microsoft Defender Antimalware Platform and Microsoft Malware Protection Engine. Two of the vulnerabilities are confirmed as actively exploited. CVE-2026-45498 has a CVSS score of 4.0, which is Medium severity. CVE-2026-41091 and CVE-2026-33825 have a CVSS score of 7.8, which is High severity. CVE-2026-45584 has a CVSS score of 8.1, which is High severity.

The update addresses a denial-of-service issue, a local elevation-of-privilege vulnerability, and a heap-based memory issue that could allow remote code execution. The elevation-of-privilege vulnerability can allow attackers to gain higher local access, while the remote code execution issue affects the Malware Protection Engine responsible for scanning and processing content.

Key Details

Affected Product: Microsoft Malware Protection Engine
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
CWE Classification: CWE-59

Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.

CVE-2026-41091 – Microsoft Defender

Key Details

Stay Tuned

PLATFORM

SOLUTIONS

RESOURCES

COMPANY

LEGAL

CONTACTS

+1-346-444-8530

Toll Free: 833-444-8530

708 Main St, 10th FL, Houston, TX 77002