Vulnerability Details CVE-2026-21537
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.8%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-21537
-
cpe:2.3:a:microsoft:defender_for_endpoint:-