ctipilot.ch

Microsoft Defender Engine network RCE — heap buffer overflow; CVSS 8.1; same Engine update closes both this and CVE-2026-41091

cve · CVE-2026-45584

  • Coverage timeline: 1 (first 2026-05-20 → last 2026-05-20)
  • Briefs: 1 (1 distinct)
  • Sources cited: 124 (53 hosts)
  • Sections touched: 1 (trending_vulns)
  • Co-occurring entities: 2 (see Related entities below)

Story timeline

  1. 2026-05-20 · CTI Daily Brief — 2026-05-20
    trending_vulns · First-coverage; MSRC 2026-05-19; no exploitation observed but companion to actively-exploited CVE-2026-41091

Where this entity is cited

  • trending_vulns: 1

Source distribution

  • attack.mitre.org: 21 (17%)
  • microsoft.com: 11 (9%)
  • msrc.microsoft.com: 9 (7%)
  • bleepingcomputer.com: 7 (6%)
  • thehackernews.com: 6 (5%)
  • github.com: 5 (4%)
  • security-hub.ncsc.admin.ch: 4 (3%)
  • thezdi.com: 4 (3%)
  • other: 57 (46%)

Related entities

Items in briefs about Microsoft Defender Engine network RCE — heap buffer overflow; CVSS 8.1; same Engine update closes both this and CVE-2026-41091 (1)

CVE-2026-45584 — Microsoft Defender Engine heap-buffer-overflow RCE over network

From CTI Daily Brief — 2026-05-20 · published 2026-05-20

Microsoft also disclosed CVE-2026-45584 on 2026-05-19 — a heap-based buffer overflow in the Defender Engine reachable over the network (AV:N), allowing unauthenticated code execution in the Defender process context. CVSS 8.1; no exploitation observed at disclosure, no public PoC. The same Engine update (≥ 1.1.26040.8) that closes CVE-2026-41091 also closes CVE-2026-45584. Network-reachable code execution inside an endpoint security product is operationally severe — successful exploitation lands attacker code in the same privileged context as Defender. Treat the Engine version verification step as covering both CVEs.
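
One way to run the Engine version verification step, as an added example that is not part of the original brief or Microsoft's guidance. The function name `Test-DefenderEngineFixed` and the sample version strings are assumptions made for illustration; the minimum version is the one stated above, and `Get-MpComputerStatus` with its `AMEngineVersion` property is the standard Defender cmdlet.

```powershell
# Added example. Minimum fixed Engine version as stated in the brief above;
# it covers both CVE-2026-45584 and CVE-2026-41091.
$MinimumEngine = [version]'1.1.26040.8'

function Test-DefenderEngineFixed {
    # Hypothetical helper: classifies one engine version string.
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$EngineVersion,
        [version]$Minimum = $MinimumEngine
    )
    $parsed = $null
    # TryParse rejects empty or malformed strings instead of throwing,
    # so hosts that report no engine end up as 'Unknown', not 'Fixed'.
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return [pscustomobject]@{ EngineVersion = $EngineVersion; Status = 'Unknown' }
    }
    # [version] compares each component numerically, so 1.1.26040.10 is
    # newer than 1.1.26040.8; a plain string comparison would say otherwise.
    $status = if ($parsed -ge $Minimum) { 'Fixed' } else { 'Vulnerable' }
    [pscustomobject]@{ EngineVersion = $EngineVersion; Status = $status }
}

# Local host: read the running engine version from Defender itself.
try {
    $local = (Get-MpComputerStatus -ErrorAction Stop).AMEngineVersion
    Test-DefenderEngineFixed -EngineVersion $local
} catch {
    Write-Warning "Could not query Defender status: $($_.Exception.Message)"
}

# Constructed sample values, standing in for an inventory export.
'1.1.26030.3008', '1.1.26040.8', '1.1.26040.10', '' |
    ForEach-Object { Test-DefenderEngineFixed -EngineVersion $_ }
```

Hosts that come back as `Unknown` need a follow-up check rather than being counted as patched.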