By Pieter Arntz
Publication Date: 2026-05-21 17:36:00
Two Microsoft Defender vulnerabilities are being actively exploited in the wild.
On May 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog tracks vulnerabilities known to be exploited in the wild and sets patch deadlines for Federal Civilian Executive Branch (FCEB) agencies.
Five of the added vulnerabilities are quite old by vulnerability standards. Patches were released in 2008, 2009, and 2010. But the Microsoft Defender vulnerabilities are from this year. Those two are:
- CVE‑2026‑41091 (CVSS score 7.8 out of 10): a Microsoft Defender elevation of privilege vulnerability. A local attacker who already has some access to a machine can abuse Defender to gain SYSTEM‑level permissions, effectively giving them full control over Windows.
- CVE‑2026‑45498 (CVSS score 4.0 out of 10): a Microsoft Defender…
