Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
AnalysisAI
Secure Boot bypass in Windows allows a local attacker with high privileges to defeat the platform's boot-time integrity protection mechanism, breaking the chain of trust that prevents unauthorized bootloaders and pre-OS code from executing. The flaw (CWE-693, Protection Mechanism Failure) carries a CVSS 7.9 due to scope change and high confidentiality/integrity impact, and no public exploit identified at time of analysis. Successful exploitation undermines a foundational anti-tamper control and can enable persistent pre-OS implants such as bootkits.
Technical ContextAI
Secure Boot is a UEFI-based protection that validates the cryptographic signatures of bootloaders, option ROMs, and the OS loader against a database of trusted keys (db/dbx) before they are allowed to execute, anchoring the Windows boot chain to a hardware root of trust. CWE-693 (Protection Mechanism Failure) indicates the control itself fails to enforce its intended policy - typically because a check is missing, can be skipped, or trusts attacker-influenced state - rather than a memory-corruption or injection bug. In Windows this layer integrates with components such as the Windows Boot Manager, BitLocker measurements, VBS/HVCI, and the dbx revocation list shipped through Windows Update; a bypass at this layer therefore weakens every downstream defense that assumes a verified boot.
RemediationAI
Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575 to all affected Windows systems; exact fix build numbers per SKU are listed on that page and should be cited from there rather than guessed. Because Secure Boot fixes frequently ship in two stages (an OS-side code update followed by a dbx/UEFI revocation that must be explicitly enabled), administrators should confirm whether this CVE requires deploying an updated UEFI revocation list (dbx) and follow Microsoft's staged enablement guidance to avoid bricking dual-boot or older recovery media. Compensating controls until patched include enforcing BitLocker with TPM+PIN so an attacker who bypasses Secure Boot cannot transparently access disk contents, requiring physical security and tamper-evident seals on high-value endpoints, restricting local administrator membership via LAPS and tiered admin to minimize the PR:H prerequisite, and monitoring measured-boot/TPM PCR values through Device Health Attestation to detect boot-chain tampering - each of these reduces but does not eliminate exposure, and BitLocker with PIN in particular adds user-experience cost.
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35524
GHSA-w4hq-xj64-h4pm