CVE-2026-21537 · HIGH 8.8 · EPSS p40.7%


Description

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% probability of exploitation · percentile 40.7% · 2026-06-18T12:00:27Z
Published: 2026-02-10
Last modified: 2026-02-11

Underlying weaknesses · 1

CWE-94

References

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21537


| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-45584
CVE: Microsoft Defender Remote Code Execution Vulnerability
CVE: CVE-2025-65037
CVE: CVE-2026-45583
CVE: CVE-2025-26678
CVE: CVE-2026-33826

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.