{"api_version":"1","generated_at":"2026-06-10T01:13:21+00:00","cve":"CVE-2026-8863","urls":{"html":"https://cve.report/CVE-2026-8863","api":"https://cve.report/api/cve/CVE-2026-8863.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-8863","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-8863"},"summary":{"title":"CVE-2026-8863","description":"Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.","state":"PUBLISHED","assigner":"certcc","published_at":"2026-06-09 19:17:59","updated_at":"2026-06-09 21:17:26"},"problem_types":["CWE-347: Improper Verification of Cryptographic Signature","CWE-354: Improper Validation of Integrity Check Value"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://kb.cert.org/vuls/id/616257","name":"https://kb.cert.org/vuls/id/616257","refsource":"cret@cert.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863","name":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863","refsource":"cret@cert.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.kb.cert.org/vuls/id/616257","name":"https://www.kb.cert.org/vuls/id/616257","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-8863","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8863","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Oracle Corporation","product":"OracleLinux(7.2) shim","version":"affected 0.9","platforms":[]},{"source":"CNA","vendor":"PC-Doctor","product":"Service Center Enterprise","version":"affected 14 17.0.7536.900 custom","platforms":[]},{"source":"CNA","vendor":"PC-Doctor","product":"Service Center Drive Erase","version":"affected 15 17.0.7538.592 custom","platforms":[]},{"source":"CNA","vendor":"PC-Doctor","product":"Service Center Japan","version":"affected 15 17.0.7539.904 custom","platforms":[]},{"source":"CNA","vendor":"PC-Doctor","product":"Service Center","version":"affected 14 17.0.7535.900 custom","platforms":[]},{"source":"CNA","vendor":"PC-Doctor","product":"Network Factory for Linux (Bootable Diagnostics)","version":"affected 6.9 6.20.7711.267 custom","platforms":[]},{"source":"CNA","vendor":"PC-Doctor","product":"Factory for Linux (Bootable Diagnostics)","version":"affected 6.9 6.20.7710.267 custom","platforms":[]},{"source":"CNA","vendor":"Spyrus","product":"WTGCreator","version":"affected 4.2","platforms":[]},{"source":"CNA","vendor":"Blancco UK","product":"WhiteCanyon WipeDrive","version":"affected 8.0.0 8.1.3 custom","platforms":[]},{"source":"CNA","vendor":"Baramundi Software","product":"Baramundi Management Suite","version":"affected * 2024R1 custom","platforms":[]},{"source":"CNA","vendor":"Finland Matriculation Board","product":"Abitti 1","version":"affected 1.0.0","platforms":[]},{"source":"CNA","vendor":"NTC IT ROSA LLC","product":"RosaLinux","version":"affected R9","platforms":[]},{"source":"CNA","vendor":"NTC IT ROSA LLC","product":"RosaLinux","version":"affected R10","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Thanks to Martin Smolar of ESET for discovering and reporting this vulnerability","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-8863","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-09T19:03:03.811729Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-09T19:03:21.716Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2026-06-09T19:41:27.054Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://www.kb.cert.org/vuls/id/616257"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"OracleLinux(7.2) shim","vendor":"Oracle Corporation","versions":[{"status":"affected","version":"0.9"}]},{"product":"Service Center Enterprise","vendor":"PC-Doctor","versions":[{"lessThanOrEqual":"17.0.7536.900","status":"affected","version":"14","versionType":"custom"}]},{"product":"Service Center Drive Erase","vendor":"PC-Doctor","versions":[{"lessThanOrEqual":"17.0.7538.592","status":"affected","version":"15","versionType":"custom"}]},{"product":"Service Center Japan","vendor":"PC-Doctor","versions":[{"lessThanOrEqual":"17.0.7539.904","status":"affected","version":"15","versionType":"custom"}]},{"product":"Service Center","vendor":"PC-Doctor","versions":[{"lessThanOrEqual":"17.0.7535.900","status":"affected","version":"14","versionType":"custom"}]},{"product":"Network Factory for Linux (Bootable Diagnostics)","vendor":"PC-Doctor","versions":[{"lessThanOrEqual":"6.20.7711.267","status":"affected","version":"6.9","versionType":"custom"}]},{"product":"Factory for Linux (Bootable Diagnostics)","vendor":"PC-Doctor","versions":[{"lessThanOrEqual":"6.20.7710.267","status":"affected","version":"6.9","versionType":"custom"}]},{"product":"WTGCreator","vendor":"Spyrus","versions":[{"status":"affected","version":"4.2"}]},{"product":"WhiteCanyon WipeDrive","vendor":"Blancco UK","versions":[{"lessThanOrEqual":"8.1.3","status":"affected","version":"8.0.0","versionType":"custom"}]},{"product":"Baramundi Management Suite","vendor":"Baramundi Software","versions":[{"lessThanOrEqual":"2024R1","status":"affected","version":"*","versionType":"custom"}]},{"product":"Abitti 1","vendor":"Finland Matriculation Board","versions":[{"status":"affected","version":"1.0.0"}]},{"product":"RosaLinux","vendor":"NTC IT ROSA LLC","versions":[{"status":"affected","version":"R9"}]},{"product":"RosaLinux","vendor":"NTC IT ROSA LLC","versions":[{"status":"affected","version":"R10"}]}],"credits":[{"lang":"en","type":"finder","value":"Thanks to Martin Smolar of ESET for discovering and reporting this vulnerability"}],"descriptions":[{"lang":"en","value":"Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders."}],"problemTypes":[{"descriptions":[{"description":"CWE-347: Improper Verification of Cryptographic Signature","lang":"en"}]},{"descriptions":[{"description":"CWE-354: Improper Validation of Integrity Check Value","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-06-09T18:47:41.698Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"Microsoft Vendor Security Advisory","tags":["vendor-advisory"],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863"},{"name":"CERT/CC Vulnerability Notice","tags":["third-party-advisory"],"url":"https://kb.cert.org/vuls/id/616257"}],"source":{"discovery":"EXTERNAL"},"title":"CVE-2026-8863","x_generator":{"engine":"VINCE 3.0.42","env":"prod","origin":"https://cveawg.mitre.org/api/cve/CVE-2026-8863"}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2026-8863","datePublished":"2026-06-09T18:10:15.426Z","dateReserved":"2026-05-18T19:41:10.790Z","dateUpdated":"2026-06-09T19:41:27.054Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-09 19:17:59","lastModifiedDate":"2026-06-09 21:17:26","problem_types":["CWE-347: Improper Verification of Cryptographic Signature","CWE-354: Improper Validation of Integrity Check Value"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"8863","Ordinal":"1","Title":"CVE-2026-8863","CVE":"CVE-2026-8863","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"8863","Ordinal":"1","NoteData":"Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.","Type":"Description","Title":"CVE-2026-8863"}]}}}