Skip to main content

Windows Secure Boot CVE-2026-48570

| EUVDEUVD-2026-35522 HIGH
Protection Mechanism Failure (CWE-693)
2026-06-09 secure@microsoft.com GHSA-c753-x75x-629c
7.9
CVSS 3.1 · NVD
Temporal: 7.1
Share

Severity by source

NVD PRIMARY
7.9 HIGH
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CIRCL (temporal)
7.1 HIGH
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:48 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.9

DescriptionCVE.org

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

AnalysisAI

Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the firmware-level boot integrity protection, breaking the chain of trust intended to prevent unauthorized boot-time code. The CVSS 7.9 rating with scope change (S:C) indicates the bypass affects components beyond the initially compromised context, enabling pre-OS persistence. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Technical ContextAI

Secure Boot is a UEFI firmware feature that verifies the cryptographic signature of bootloaders, kernels, and early drivers against keys stored in the platform's firmware (PK, KEK, db, dbx databases) before executing them, establishing a hardware-rooted chain of trust. The CWE-693 classification (Protection Mechanism Failure) indicates the security control itself is being circumvented rather than a memory-corruption or input-validation flaw - typically meaning a signed-but-vulnerable component, revocation list (dbx) gap, or a flaw in how Windows validates boot-time artifacts. Because the vector is local with high privileges (AV:L/PR:H), the attacker is already on the system and is leveraging that position to plant code that survives or precedes OS-level defenses such as Credential Guard, BitLocker integrity checks, and Defender ELAM.

RemediationAI

Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570 as soon as the patch identifier and KB numbers are confirmed for the relevant Windows builds; Secure Boot fixes frequently require both an OS patch and a separate dbx (forbidden signature database) update, and on some platforms a firmware/UEFI update from the OEM may also be necessary to fully revoke vulnerable components. Patch available per vendor advisory; exact fix version was not included in the provided input data. As compensating controls until patched, restrict local administrator and SYSTEM-level access via tiered admin models and LAPS to reduce the PR:H prerequisite, enable BitLocker with TPM+PIN so that bootloader tampering invalidates the sealed key and forces recovery, deploy Windows Defender Application Control / WDAC policies to constrain what signed binaries can run at boot, and monitor measured-boot TPM PCR values via attestation (e.g., Microsoft Intune device health attestation) to detect bootchain changes - note that aggressive WDAC and PCR-binding policies can cause boot failures after legitimate firmware updates and require operational planning.

Share

CVE-2026-48570 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy