CISA Adds 7 Known Exploited Vulnerabilities Including Active Microsoft Defender Flaws

CISA confirmed active exploitation of seven CVEs, adding them to the Known Exploited Vulnerabilities catalog. The most urgent are two 2026 Microsoft Defender vulnerabilities: CVE-2026-41091 (Elevation of Privilege) and CVE-2026-45498 (Denial of Service). The remaining five are older Microsoft and Adobe flaws (2008–2010) that continue to see exploitation in the wild.

FCEB agencies are subject to mandatory remediation deadlines. All organizations should prioritize patching the 2026 Defender CVEs, ensure Microsoft Defender definitions and platform components are up to date, and review whether any legacy Windows or Adobe Reader deployments remain exposed to the older entries.