CVE-2026-21537
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
CVE-2025-59497
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
CVE-2025-47161
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2025-26684
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.