CVE-2026-21537 — Code Injection in Microsoft Defender FOR Endpoint FOR Linux

CWE-94 — Code Injection8 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 74.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Defender FOR Endpoint FOR Linux Msrc Microsoft Defender FOR Endpoint FOR Linux

Timeline

PublishedFeb 10

Latest updateFeb 13

Description

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5microsoft/microsoft_defender_for_endpoint_for_linux101.0.0 — 1.0.9.0

▶msrcmsrc/microsoft_defender_for_endpoint_for_linux

🔴Vulnerability Details

GHSA

GHSA-c8x6-p29h-wm35: Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adja↗2026-02-10

▶

📋Vendor Advisories

Microsoft

Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability↗2026-02-10

▶

🕵️Threat Intelligence

Sophos

February’s Patch Tuesday assumes battle stations↗2026-02-13

▶

Qualys

Microsoft and Adobe Patch Tuesday, February 2026 Security Update Review↗2026-02-10

▶

Bleepingcomputer

Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws↗2026-02-10

▶

Qualys

Microsoft and Adobe Patch Tuesday, February 2026 Security Update Review | Qualys↗2026-02-10

▶

Sophos

February’s Patch Tuesday assumes battle stations↗

▶