CISA adds seven actively exploited flaws, including Microsoft Defender CVE-2026-41091 and CVE-2026-45498, to KEV catalog

The story intersects because RedSun (CVE-2026-41091) and UnDefend (CVE-2026-45498) are among the disclosed Microsoft flaws discussed in this article, and the piece reiterates that some are exploited in the wild. However, this source is primarily about Microsoft's handling of the disclosure controversy, not CISA's KEV action itself.

This article covers the same underlying event around Microsoft Defender flaws CVE-2026-41091 and CVE-2026-45498 being actively exploited and added to KEV, and adds specific patch details: Microsoft fixed them in Defender Antimalware Platform version 4.18.26040.7, described the impacts as local SYSTEM privilege escalation and DoS, noted disabled Defender systems are not exploitable, and linked the bugs to the publicly released BlueHammer variants RedSun and UnDefend.

This source is about the same underlying event: active exploitation of Microsoft Defender flaws CVE-2026-41091 and CVE-2026-45498. It adds Microsoft's patch rollout details, affected component versions, the impact of each flaw (SYSTEM privilege escalation and DoS), and fixed versions defenders should verify.

This article is the primary CISA alert establishing a new KEV-driven remediation event covering seven specifically identified exploited CVEs.