Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
AnalysisAI
Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the firmware-level boot integrity protection, breaking the chain of trust intended to prevent unauthorized boot-time code. The CVSS 7.9 rating with scope change (S:C) indicates the bypass affects components beyond the initially compromised context, enabling pre-OS persistence. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Technical ContextAI
Secure Boot is a UEFI firmware feature that verifies the cryptographic signature of bootloaders, kernels, and early drivers against keys stored in the platform's firmware (PK, KEK, db, dbx databases) before executing them, establishing a hardware-rooted chain of trust. The CWE-693 classification (Protection Mechanism Failure) indicates the security control itself is being circumvented rather than a memory-corruption or input-validation flaw - typically meaning a signed-but-vulnerable component, revocation list (dbx) gap, or a flaw in how Windows validates boot-time artifacts. Because the vector is local with high privileges (AV:L/PR:H), the attacker is already on the system and is leveraging that position to plant code that survives or precedes OS-level defenses such as Credential Guard, BitLocker integrity checks, and Defender ELAM.
RemediationAI
Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570 as soon as the patch identifier and KB numbers are confirmed for the relevant Windows builds; Secure Boot fixes frequently require both an OS patch and a separate dbx (forbidden signature database) update, and on some platforms a firmware/UEFI update from the OEM may also be necessary to fully revoke vulnerable components. Patch available per vendor advisory; exact fix version was not included in the provided input data. As compensating controls until patched, restrict local administrator and SYSTEM-level access via tiered admin models and LAPS to reduce the PR:H prerequisite, enable BitLocker with TPM+PIN so that bootloader tampering invalidates the sealed key and forces recovery, deploy Windows Defender Application Control / WDAC policies to constrain what signed binaries can run at boot, and monitor measured-boot TPM PCR values via attestation (e.g., Microsoft Intune device health attestation) to detect bootchain changes - note that aggressive WDAC and PCR-binding policies can cause boot failures after legitimate firmware updates and require operational planning.
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35522
GHSA-c753-x75x-629c