High severity7.8CISA KEVNVD Advisory· Published May 20, 2026· Updated May 20, 2026
CVE-2026-41091
CVE-2026-41091
Description
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*Range: >=1.1.26030.3008,<1.1.26040.8
Patches
Vulnerability mechanics
References
2- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091nvdVendor Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government ResourceThird Party Advisory
News mentions
28- Microsoft working on a fix for RoguePlanet, a flaw that grants full PC controlMalwarebytes Labs · Jun 18, 2026
- Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in DevelopmentThe Hacker News · Jun 17, 2026
- Microsoft Working on Patch for ‘RoguePlanet’ Zero-DaySecurityWeek · Jun 17, 2026
- 15th June – Threat Intelligence ReportCheck Point Research · Jun 15, 2026
- Microsoft ships largest Patch Tuesday on record, with one bug under active attackThe Record · Jun 10, 2026
- New Windows Zero-Day Exploit ‘RoguePlanet’ ReleasedSecurityWeek · Jun 10, 2026
- Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated WindowsThe Hacker News · Jun 10, 2026
- Patch Tuesday - June 2026Rapid7 Blog · Jun 9, 2026
- Microsoft breaks Patch Tuesday record with 206 vulnerabilitiesCyberScoop · Jun 9, 2026
- Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507)Tenable Blog · Jun 9, 2026
- June 2026 Patch Tuesday forecast: Where are the CVEs?Help Net Security · Jun 5, 2026
- Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure BacklashSecurityWeek · Jun 3, 2026
- Microsoft MSRC Allegedly Dismissed Dependency Confusion Vulnerability, Claims ResearcherCyber Security News · Jun 2, 2026
- Critical Windows Netlogon RCE flaw now exploited in attacksBleepingComputer · Jun 1, 2026
- Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse ControversyCyber Security News · Jun 1, 2026
- Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account RemovalThe Hacker News · May 28, 2026
- Microsoft Condemns "Uncoordinated" Zero Day DisclosuresInfosecurity Magazine · May 28, 2026
- Microsoft Warns Public Release of Zero-Day Details Before Vendor CoordinationCyber Security News · May 28, 2026
- 25th May – Threat Intelligence ReportCheck Point Research · May 25, 2026
- ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain ChaosThe Hacker News · May 25, 2026
- Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploitedHelp Net Security · May 24, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 21SentinelOne Labs · May 22, 2026
- Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)Help Net Security · May 21, 2026
- Microsoft Warns of Two Actively Exploited Defender VulnerabilitiesThe Hacker News · May 21, 2026
- Microsoft Patches Exploited UnDefend and RedSun Defender Zero-DaysSecurityWeek · May 21, 2026
- Microsoft warns of new Defender zero-days exploited in attacksBleepingComputer · May 21, 2026
- Microsoft: 6 Actively-Exploited Flaws Added to CISA KEVVypr Intelligence · May 20, 2026
- CISA Adds Seven Known Exploited Vulnerabilities to CatalogCISA Alerts