KEV · Actively exploited
CVE-2026-41091
HIGH 7.8
KEV
Microsoft Defender Elevation of Privilege Vulnerability
EPSS
8.01%
above median
percentile 92.3%
CISA Known Exploited Vulnerability
- Added to KEV
- 2026-05-20
- Remediation deadline
- 2026-06-03
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Ransomware
- No