Vulnerability Details CVE-2026-21537
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.1%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-21537
-
cpe:2.3:a:microsoft:defender_for_endpoint:-