Zero-DayCISAKEVEndpoint SecurityData Security

Microsoft Defender CVE-2026-41091 Escalates to SYSTEM. The Endpoint Control Is the Attack Surface.

June 11, 2026

Lattix branded cover for Microsoft Defender CVE-2026-41091 Escalates to SYSTEM. /37 section number, May 2026 zero-day disclosure date, CVSS 7.8 local-to-SYSTEM statistic, IBM Plex Mono on dark grid background, surgical yellow accent on the data-layer PEP in a host-to-data flow strip.

Microsoft confirmed in May 2026 that CVE-2026-41091, a privilege-escalation flaw in Microsoft Defender, had been exploited in the wild. The vulnerability is an improper link resolution before file access, the class commonly described as link following, and it allows an authenticated local attacker to elevate to SYSTEM. It carries a CVSS score of 7.8. The Cybersecurity and Infrastructure Security Agency added it to the Known Exploited Vulnerabilities catalog alongside CVE-2026-45498, a denial-of-service flaw of CVSS 4.0 in the same product, and set a Federal Civilian Executive Branch remediation deadline of June 3, 2026.

Microsoft addressed both flaws in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7. The two zero-days were disclosed under the names RedSun and UnDefend by a group tracked as Chaotic Eclipse. The patches close the technical vector. The architectural problem the disclosure exposes is older than the CVE and survives the patch.

When the security tool is the attack surface

Microsoft Defender runs at the highest privilege on the host because endpoint protection has to observe everything the host does. Antimalware engines, endpoint detection and response agents, and host-based security tooling all operate from a position of maximum trust on the system they defend. That position is what makes them effective. It is also what makes them the highest-value target on the machine.

CVE-2026-41091 converts that privilege into the attacker's privilege. A local user who exploits the flaw becomes SYSTEM, which is the account the security tooling itself runs under. A SYSTEM-level compromise of the component that mediates host security does not bypass one control. It inverts the control.

Three host-layer protections collapse at the same moment. Full-disk encryption assumes a trusted operating system to which keys are released, and a SYSTEM-level attacker is inside that boundary. EDR-mediated access assumes the agent reports honestly, and the attacker now controls the agent. Process isolation assumes the SYSTEM boundary holds, and the attacker has crossed it. Each assumption depends on host trust, and host trust is the thing the vulnerability breaks.

What survives a compromised host

The control that survives a SYSTEM-level compromise is the one that does not run on the host. Lattix Technologies enforces access at the data object through attribute-based access control (ABAC) at the policy enforcement point (PEP), post-quantum key encapsulation under ML-KEM-768 and ML-KEM-1024, and Merkle-tree lineage written to content-addressed storage (CAS-X).

A read request against a Lattix-protected object travels from the requesting process to the PEP. The PEP evaluates an attribute claim signed by a policy decision point (PDP) that does not run on the compromised host. The keys that wrap the object are not stored on the host. The audit record of the release decision is not written to the host. A SYSTEM-level compromise of Defender places the attacker in the transport path of the request. It does not place the attacker in the policy decision.

The failure mode changes accordingly. In a host-trust posture, compromising the endpoint security tool produces data access. In a data-centric posture, the same compromise produces requests that fail closed at the PEP and lineage records that a detection team can act on.

Distinct from the kernel flaw and the network controller

This is the third instance in 2026 of the same architectural pattern reaching a different layer. The Linux Copy Fail flaw, CVE-2026-31431, reached SYSTEM-equivalent root through the kernel. The Cisco Catalyst SD-WAN flaw, CVE-2026-20182, reached administrative control through the network control plane. CVE-2026-41091 reaches SYSTEM through the security tooling itself.

The common thread is not the vendor or the layer. It is that each control under attack assumes a trusted host or a trusted control plane, and each compromise removes exactly that assumption. Data-centric zero trust binds enforcement to the object rather than to the integrity of the platform the object sits on. The object enforces its own policy whether the kernel, the SD-WAN controller, or the antimalware engine is trustworthy or not.

The audit chain answer to what the attacker reached

Incident response after a SYSTEM-level compromise spends days reconstructing what the attacker touched from logs the attacker had the privilege to alter. A SYSTEM account can tamper with the local event log and the agent telemetry before they leave the host.

Merkle-tree lineage over policy decision events answers the question from outside the compromised boundary. The chain records every key release decision made by the PEP and anchors it in content-addressed storage the host cannot write to. After detection, the response team queries the chain for releases during the incident window. Releases that occurred surface immediately. Data the attacker did not reach surfaces as the absence of a release. The materiality determination, the breach notification scope, and the remediation order rest on that evidence rather than on logs of uncertain integrity.

What teams should do in the next 30 days

Three priorities follow the disclosure. The first is an inventory of which protections assume a trusted host: disk encryption key release, EDR-mediated data access, and any control that treats SYSTEM as a boundary rather than a target. The inventory bounds the scope of the architectural change.

The second is the decision about where access policy lives. A PEP and PDP architecture independent of the host limits the next compromise of host-resident security tooling. The Lattix pattern of ABAC over object-level cryptographic enforcement is one implementation of that independence.

The third is the audit log architecture. Telemetry written to infrastructure a SYSTEM-level attacker can reach is telemetry that can be altered. Lineage records anchored cryptographically in storage the host cannot write to are the records that survive the compromise.

How the architecture maps to standards

NIST SP 800-207 separates the policy decision point from the systems it governs for this reason. The CISA Zero Trust Maturity Model 2.0 scores the data pillar independently of the device pillar, which is why a mature endpoint posture and an immature data posture coexist in the same organization. The DoD Zero Trust Strategy 2.0 and the NSA Zero Trust Implementation Guideline Data Pillar converge on the same conclusion. Endpoint controls are necessary and insufficient, and the data pillar is the control that holds when the endpoint does not. CVE-2026-41091 is the operational case for accelerating that build.