On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the two vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, to its Known Exploited Vulnerabilities (KEV) catalog, signaling that exploitation was detected in the wild.
Security experts report that the two flaws are behind the RedSun and UnDefend exploits published last month on GitHub by a disgruntled researcher who calls themselves Nightmare Eclipse. While this is plausible, Microsoft has not mentioned these exploit names in its advisories for these two vulnerabilities.
The privilege escalation flaw, CVE-2026-41091, is located in mpengine.dll, the Microsoft Malware Protection Engine (MPE) component that handles file scanning, malware detection, and cleaning in several Microsoft anti-malware products: Microsoft Defender, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection, and Microsoft Security Essentials.
The vulnerability is described as an improper link resolution before file access issue. In other words, it is related to a link- or shortcut-following routine that has unintended consequences. The flaw is rated with a CVSS score of 7.8, meaning high severity.



