Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass

🗓️ 09 Jun 2026 00:00:00Reported by CERTType

Microsoft signed UEFI shim bootloaders up to version 0.9 enable Secure Boot bypass and will be added to the Forbidden Signature Database.

Reporter	Title	Published	Views	Family All 29
Circl	CVE-2026-8863	9 Jun 202615:44	–	circl
CVE	CVE-2026-10797	9 Jun 202600:00	–	cve
CVE	CVE-2026-8863	9 Jun 202618:10	–	cve
Cvelist	CVE-2026-8863 CVE-2026-8863	9 Jun 202618:10	–	cvelist
EUVD	EUVD-2026-35791	9 Jun 202618:10	–	euvd
Microsoft KB	June 9, 2026—KB5093998 (OS Build 22631.7219)	9 Jun 202614:00	–	mskb
Microsoft KB	June 9, 2026—KB5094041 (Monthly Rollup)	9 Jun 202614:00	–	mskb
Microsoft KB	June 9, 2026—KB5094042 (Monthly Rollup)	9 Jun 202614:00	–	mskb
Microsoft KB	June 9, 2026—KB5094123 (OS Build 17763.8880)	9 Jun 202614:00	–	mskb
Microsoft KB	June 9, 2026—KB5094125 (OS Build 26100.32995)	9 Jun 202614:00	–	mskb

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863
github	www.github.com/rhboot/shim/blob/main/SBAT.md
uefi	www.uefi.org/specs/UEFI/2.11/32_Secure_Boot_and_Driver_Signing.html
uefi	www.uefi.org/specs/UEFI/2.11/03_Boot_Manager.html
uefi	www.uefi.org/specs/UEFI/2.11/07_Services_Boot_Services.html
learn	www.learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot
welivesecurity	www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/
eset	www.eset.com/us/about/newsroom/press-releases/eset-research-discovers-uefi-secure-boot-bypass-vulnerability/
blogs	www.blogs.gnome.org/hughsie/2025/01/20/fwupd-2-0-4-and-dbxupdate-20241101/
github	www.github.com/microsoft/secureboot_objects

10 Jun 2026 17:26Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.17.8

EPSS0.00005

SSVC