CVE-2026-41091
Microsoft Defender Elevation of Privilege Vulnerability
In short
Microsoft Defender incorrectly handles file links, allowing an authorized user on your computer to gain higher privileges and take control of the system. This is a local attack that requires someone with basic access to exploit.
Technical detail
CWE-59 (link following) vulnerability in Microsoft Defender's file access mechanism allows privilege escalation when an authenticated local user can manipulate symbolic or hard links to redirect file operations. The vulnerability requires local access and valid credentials but bypasses privilege boundary controls.
Summary generated and translated by AI from the official description.
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Malware Protection Enginepublic PoCs found — 3
githubgithub.com/0xBlackash/CVE-2026-41091★ 9githubgithub.com/tc4dy/CVE-2026-41091-PoC-Exploit★ 2githubgithub.com/ridhinva/defender-privilege-escalation-scanner★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →