Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
[POC] CVE-2026-41091 — CVE-2026-41091
CVE-2026-41091
[POC] CVE-2026-41091 — CVE-2026-41091-PoC-Exploit
🔥 CVE-2026-41091 SolarFlare | Microsoft Defender LPE exploit. Low-privileged users gain NT AUTHORITY\SYSTEM via Cloud Files API + NTFS junction trickery. Forces Defender to write malicious payloads to System32 with SYSTEM rights. ⚠️ Actively exploited in wild. CVSS 7.8. Patch: Defender Engine 1.1.26040.8. 🛡️ Educational PoC only.
[POC] CVE-2026-41091 — defender-vulnerability-scanner
CVE-2026-41091 / CVE-2026-45498 Microsoft Defender vulnerability scanner
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free