Skip to main content

CWE-1329

Reliance on Component That is Not Updateable

5 CVEs Avg CVSS 7.1 MITRE
0
CRITICAL
2
HIGH
3
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-48576 HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot allows a high-privileged local attacker to circumvent the boot integrity protection mechanism, undermining trust in the Windows boot chain. The flaw (CWE-1329, reliance on a component that is not updateable) carries a CVSS 7.9 rating due to scope change and high impact on confidentiality and integrity, and no public exploit has been identified at time of analysis. Successful exploitation could enable pre-OS persistence such as bootkits, defeating a foundational Windows security control.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
7.9
EPSS
0.3%
CVE-2026-48573 HIGH PATCH Exploit Unlikely This Week

Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the platform's protection mechanism and tamper with the pre-OS boot chain. The CVSS 7.9 score reflects a scope-changing impact on confidentiality and integrity from a local vector, and no public exploit identified at time of analysis. The single MSRC reference indicates a Microsoft-tracked issue that primarily threatens code-integrity and boot-trust guarantees rather than runtime availability.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
7.9
EPSS
0.3%
CVE-2026-41097 MEDIUM PATCH Exploit Unlikely This Month

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
6.7
EPSS
0.2%
CVE-2026-21265 MEDIUM PATCH This Month

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. [CVSS 6.4 MEDIUM]

Microsoft Windows Windows 10 22h2 Windows 10 1607 Windows 11 25h2 +10
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2021-38398 MEDIUM This Month

The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoom Latitude Programming System Model 3120 Firmware Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
EPSS 0% CVSS 7.9
HIGH PATCH Exploit Unlikely This Week

Security feature bypass in Windows Secure Boot allows a high-privileged local attacker to circumvent the boot integrity protection mechanism, undermining trust in the Windows boot chain. The flaw (CWE-1329, reliance on a component that is not updateable) carries a CVSS 7.9 rating due to scope change and high impact on confidentiality and integrity, and no public exploit has been identified at time of analysis. Successful exploitation could enable pre-OS persistence such as bootkits, defeating a foundational Windows security control.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH Exploit Unlikely This Week

Secure Boot bypass in Microsoft Windows allows an authorized local attacker with high privileges to defeat the platform's protection mechanism and tamper with the pre-OS boot chain. The CVSS 7.9 score reflects a scope-changing impact on confidentiality and integrity from a local vector, and no public exploit identified at time of analysis. The single MSRC reference indicates a Microsoft-tracked issue that primarily threatens code-integrity and boot-trust guarantees rather than runtime availability.

Authentication Bypass Microsoft Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH Exploit Unlikely This Month

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. [CVSS 6.4 MEDIUM]

Microsoft Windows Windows 10 22h2 +12
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoom Latitude Programming System Model 3120 Firmware Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy