CVE-2026-41091

high

Description

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Details

Source: Mitre, NVD

Published: 2026-05-20

Updated: 2026-05-20

Named Vulnerability: RedSun

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.12101

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest