Skip to main content

Windows Secure Boot EUVDEUVD-2026-35526

| CVE-2026-48578 HIGH
Improper Access Control (CWE-284)
2026-06-09 secure@microsoft.com GHSA-r54v-whx8-jvhg
7.9
CVSS 3.1 · Vendor: microsoft
Temporal: 6.9
Share

Severity by source

Vendor (microsoft) PRIMARY
7.9 HIGH
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CIRCL (temporal)
6.9 MEDIUM
cvss

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 17:45 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.9

DescriptionCVE.org

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

AnalysisAI

Security feature bypass in Windows Secure Boot enables a local high-privileged attacker to defeat the platform's boot-time integrity protections, achieving high confidentiality and integrity impact across a changed security scope. The flaw stems from a protection mechanism failure (CWE-284, Improper Access Control) that undermines the trust boundary Secure Boot is designed to enforce. At the time of analysis, no public exploit has been identified and the issue is not listed in CISA KEV, but the scope-changed CVSS of 7.9 reflects the severity of subverting a root-of-trust security control.

Technical ContextAI

Windows Secure Boot is a UEFI-based protection that validates the cryptographic signatures of bootloaders, the Windows OS loader, and early boot components against keys stored in platform firmware, preventing unsigned or tampered code from executing before the OS gains control. The underlying weakness is classified as CWE-284 (Improper Access Control), indicating that an access-control or policy-enforcement check that gates Secure Boot's protection logic can be circumvented. Because Secure Boot anchors the chain of trust that protections like BitLocker, Measured Boot, Virtualization-Based Security (VBS), and Hypervisor-Protected Code Integrity (HVCI) build upon, a bypass here can erode assurances those higher-layer controls depend on. The single vendor reference (MSRC) does not enumerate specific Windows builds in the supplied data, and no CPE strings were provided in this intelligence bundle.

RemediationAI

No vendor-released patch version was identified at time of analysis from the provided data; treat the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578 as the authoritative source and apply the cumulative Windows security update referenced there for each affected SKU as soon as it is validated in your environment. Because Secure Boot bypass fixes frequently require both an OS update and a Secure Boot DBX (forbidden-signature database) revocation update, plan to deploy the corresponding UEFI Secure Boot revocation servicing (mssecureboot/DBX update) so that revoked bootloader components cannot be reintroduced - note this can render older recovery media, dual-boot installations, or unsigned third-party boot tooling unbootable, so test on representative hardware first. Compensating controls while patching: enforce BitLocker with TPM+PIN to raise the cost of physical or admin-level tampering with the boot chain, require attestation (Microsoft Defender for Endpoint device health attestation or Intune compliance with Secure Boot + Code Integrity attested) before granting access to sensitive resources, and tightly restrict local administrator membership via LAPS and tiered admin to limit who can meet the PR:H precondition; each of these reduces but does not eliminate residual risk until the firmware/OS update and DBX revocation are applied.

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-21293 HIGH POC
8.8 Jan 14

Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users

CVE-2025-30397 HIGH POC
7.5 May 13

Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the

CVE-2025-32706 HIGH POC
7.8 May 13

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne

CVE-2025-21418 HIGH
7.8 Feb 11

Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation

CVE-2026-21510 HIGH POC
8.8 Feb 10

Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta

CVE-2025-47827 MEDIUM POC
4.6 Jun 05

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph

CVE-2026-21519 HIGH
7.8 Feb 10

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables

CVE-2025-32701 HIGH
7.8 May 13

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se

CVE-2025-21391 HIGH
7.1 Feb 11

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attack

CVE-2025-32709 HIGH
7.8 May 13

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a nu

Share

EUVD-2026-35526 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy