Microsoft Defender For Endpoint For Linux vulnerabilities

CVE-2026-21537 [HIGH] CWE-94 CVE-2026-21537: Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

CVE-2025-59497 [MEDIUM] CWE-367 CVE-2025-59497: Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authoriz Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.

CVE-2025-47161 [HIGH] CWE-284 CVE-2025-47161: Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVE-2025-26684 [MEDIUM] CWE-73 CVE-2025-26684: External control of file name or path in Microsoft Defender for Endpoint allows an authorized attack External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVE-2024-43614 [MEDIUM] CWE-23 CVE-2024-43614: Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.

CVE-2022-33637 [MEDIUM] CVE-2022-33637: Microsoft Defender for Endpoint Tampering Vulnerability Microsoft Defender for Endpoint Tampering Vulnerability

CVE-2022-23278 [MEDIUM] CVE-2022-23278: Microsoft Defender for Endpoint Spoofing Vulnerability Microsoft Defender for Endpoint Spoofing Vulnerability