1 article
CISA's 20 May Known Exploited Vulnerabilities batch included CVE-2026-41091 (Microsoft Defender for Endpoint EoP, CVSS 7.8) and CVE-2026-45498 (Microsoft Defender DoS, CVSS 4.0), both patched via a silent Defender engine update pushed on 19 May. The batch also included five legacy Windows and Adobe vulnerabilities from 2008–2010 indicating re-exploitation of outdated systems in active campaigns.