Close Menu
    Subscribe
    Alerts

    CVE-2026-8863 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    Multiple version of UEFI SHIM bootloaders are vulnerable to SecureBoot bypass through lack of enforcement and validation SBAT. The following authenticode signatures are impacted by this disclosure AE75F0D82BA3DF824FBFC69340CC3B4D66C598373B1AB54CDB6C8BFD83A6B961 – Spyrus WTGCreator version 4.2 FD23D6E57DE6F4E1F9D7118DA1C5F31A8AF6BE5E5D9E8170F9493447268D50C5 – Baramundi Management Suite up to 2024R1 – A0DE9333442C1BF9349A460141AE5E80F911955C6506040FA3D021BF6C1AE3E4 WhiteCanyon WipeDrive versions 8.0.0 through 8.1.3. 95B6D71FC0C0F8C5E1533A37AEF92CF6B0C961E2CC612A97117FA6759CE5FC06 – Finland Matriculation Exam Abitti 1 version 1.0.0 236A9CB0D71951C36398A32EB660CE2CD4A52CCFA7CF751CC6A35D9DE549E19B – NTC IT Rosa R9, R10 8A964D5F8373948D20A1D4296FB92E545DAD4617A0C810F3B934B53D98AE8963 – PC-Doctor Service Center 15, 16

    PUBLISHED Reserved 2026-05-18 | Published 2026-06-09 | Updated 2026-06-09 | Assigner certcc

    Problem types

    CWE-347: Improper Verification of Cryptographic Signature

    CWE-354: Improper Validation of Integrity Check Value

    Product status

    14 (custom)
    affected    15 (custom)
    affected    15 (custom)
    affected    14 (custom)
    affected    6.9 (custom)
    affected    6.9 (custom)
    affected    4.2
    affected    8.0.0 (custom)
    affected    * (custom)
    affected    1.0.0
    affected    R9
    affected    R10
    affected

    Credits

    Thanks to Martin Smolar of ESET for discovering and reporting this vulnerability finder

    References

    msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863 (Microsoft Vendor Security Advisory) vendor-advisory

    kb.cert.org/vuls/id/616257 (CERT/CC Vulnerability Notice) third-party-advisory

    cve.org (CVE-2026-8863)

    nvd.nist.gov (CVE-2026-8863)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.