CVE-2026-21537

Summary

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Defender for Endpoint for Linux101.0.0 < 1.0.9.0affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References