CVE-2026-0390 | THREATINT

Description

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

PUBLISHED Reserved 2025-11-19 | Published 2026-04-14 | Updated 2026-06-01 | Assigner microsoft

MEDIUM: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-807: Reliance on Untrusted Inputs in a Security Decision

Product status

10.0.14393.0 (custom) before 10.0.14393.9060

affected

10.0.17763.0 (custom) before 10.0.17763.8644

affected

10.0.19044.0 (custom) before 10.0.19044.7184

affected

10.0.19045.0 (custom) before 10.0.19045.7184

affected

10.0.14393.0 (custom) before 10.0.14393.9060

affected

10.0.14393.0 (custom) before 10.0.14393.9060

affected

10.0.17763.0 (custom) before 10.0.17763.8644

affected

10.0.17763.0 (custom) before 10.0.17763.8644

affected

10.0.20348.0 (custom) before 10.0.20348.5020

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0390 (UEFI Secure Boot Security Feature Bypass Vulnerability) vendor-advisory patch

cve.org (CVE-2026-0390)

nvd.nist.gov (CVE-2026-0390)

Download JSON

help @ threatint.eu