CVE-2026-21537

Published: Feb 10, 2026Modified: Feb 11, 2026

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: secure@microsoft.com

Description

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

Affected (1)

Products: Microsoft: Defender For Endpoint

Microsoft

1 product

Defender For Endpoint

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21537

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.