CISA 2026-05-20

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

Machine-generated analysis · WAYSCloud LLM

The advisory includes two recently added vulnerabilities in Microsoft Defender, a security product with broad deployment across federal systems.

Context

The affected products include legacy Microsoft Windows, Internet Explorer, DirectX, Adobe Acrobat and Reader, and current Microsoft Defender components. The advisory states these vulnerabilities are actively exploited and listed in the KEV Catalog due to their risk to federal networks. Notably, CVE-2026-41091 and CVE-2026-45498 are newly added vulnerabilities in Microsoft Defender, suggesting exploitation attempts against security software itself. Worth noting is that several listed CVEs date back to the 2008–2010 timeframe, which may reflect historical exploitation data or ongoing use of old vulnerabilities in current attacks.

Operator considerations

Check: systems running Microsoft Defender for exposure to CVE-2026-41091 and CVE-2026-45498

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability

CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability

CVE-2009-3459 Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability

CVE-2010-0249 Microsoft Internet Explorer Use-After-Free Vulnerability

CVE-2010-0806 Microsoft Internet Explorer Use-After-Free Vulnerability

CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability

CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the ...

Read the full advisory on CISA →