HIGHCVE-2026-21537Published Modified CNA microsoft
CVE-2026-21537: Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
Metrics
- CVSS v3.1
- 8.8
- Severity
- HIGH
- Fixed in
- 1.0.9.0
- Affected Products
- 1
Fix available
1.0.9.0
Affected packages
- Microsoft / Microsoft Defender for Endpoint for Linux< 1.0.9.0 (from 101.0.0)
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C