Vulnerability Details CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.095
EPSS Ranking 93.0%
CVSS Severity
CVSS v3 Score 7.8
Proposed Action
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
Ransomware Campaign
Unknown
References
Products affected by CVE-2026-41091
-
cpe:2.3:a:microsoft:malware_protection_engine:*