Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
AnalysisAI
Security feature bypass in Windows UEFI allows an authenticated local attacker with low privileges to circumvent a protection mechanism, resulting in high confidentiality, integrity, and availability impact on the host. The flaw is rooted in CWE-693 (Protection Mechanism Failure) within the Windows UEFI firmware layer, and Microsoft (secure@microsoft.com) is the reporting CNA. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Technical ContextAI
UEFI (Unified Extensible Firmware Interface) is the pre-boot firmware environment that initializes hardware and hands control to the operating system loader; on Windows systems it underpins Secure Boot, BitLocker measurement, and the early boot trust chain. CWE-693 (Protection Mechanism Failure) indicates that an existing security control in the UEFI implementation is bypassed or rendered ineffective rather than missing entirely - typical examples in this class include flaws that defeat Secure Boot, variable write protection, SMM lockdown, or Boot Guard. No CPE strings were provided in the input, so the exact affected Windows builds and firmware components must be confirmed via the Microsoft Security Update Guide entry referenced by NVD.
RemediationAI
Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656 as soon as it is published for your Windows edition; patch available per vendor advisory, though no specific fixed build number is provided in the input data, so consult that advisory for the exact KB and any firmware/UEFI capsule updates that must accompany the OS patch. As compensating controls while patching is staged, restrict local interactive and administrative access on affected hosts since exploitation requires PR:L local privileges (trade-off: tighter local admin controls may impede support workflows), enable and monitor Secure Boot and measured boot attestation via tools such as Microsoft Defender for Endpoint or Azure Attestation to detect bypass attempts (trade-off: attestation will flag legitimate firmware changes), and keep BitLocker enabled with TPM+PIN where feasible so that a firmware-level security bypass does not trivially lead to offline data exposure (trade-off: TPM+PIN adds boot friction for end users).
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35696
GHSA-44jf-fmcv-xp6f