Description
Multiple Microsoft-signed UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. A specific UEFI DBX update is required to block these vulnerable boot loaders.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Multiple Microsoft-signed UEFI SHIM bootloaders are vulnerable to a SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could deploy a malicious shim to bypass Secure Boot protections and execute arbitrary code before the operating system loads. The flaw effectively disables the security benefits of SecureBoot, allowing code signed with the vulnerable shim to run unimpeded. A specific UEFI DBX update is required to block these vulnerable boot loaders.

Affected Systems

The affected vendors and products include Baramundi Management Suite, WhiteCanyon WipeDrive, Abitti 1, RosaLinux, OracleLinux(7.2) shim, various PC‑Doctor Linux Diagnostics tools, and Spyrus WTGCreator. Current data does not specify affected version ranges, but all versions running Microsoft‑signed UEFI SHIM loading mechanisms at the time of discovery are considered vulnerable. A specific UEFI DBX firmware update that removes the vulnerable shim binaries is the recommended fix.

Risk and Exploitability

The CVSS score is 7.8, and the EPSS score is unavailable, meaning the exploitation likelihood is not quantified. The vulnerability appears to be a design flaw in the shim’s signature validation, categorized as a failure to enforce SecureBoot policy. Attackers need either administrative rights on the host or physical access to modify the boot configuration to deploy the malicious shim. Once the shim is trusted by the firmware, the attacker can run arbitrary code with kernel privileges, constituting a high‑impact credential‑bypass scenario. The CVE is not listed in the CISA KEV catalog, but the severity suggests that any impacted system should treat it as a critical threat.

Generated by OpenCVE AI on June 9, 2026 at 22:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the UEFI firmware update that updates the DBX to block vulnerable shim bootloaders.
  • If a firmware update is not immediately available, temporarily disable SecureBoot to prevent any shim from loading during boot, acknowledging the reduction in boot‑time security.
  • Continuously monitor boot‑time logs and firmware integrity checks for evidence of unsigned or malicious shim binaries, and verify that no unauthorized code is running prior to OS initialization.

Generated by OpenCVE AI on June 9, 2026 at 22:05 UTC.
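
To verify the first recommended action on a Linux host, the sketch below parses the firmware's dbx variable and reports which of the Authenticode hashes from this CVE's description (see History) are not yet revoked. It is an added example, not OpenCVE or vendor code; the function names are hypothetical, and it assumes the DBX update revokes these images as SHA-256 hash entries and that dbx is exposed at the usual efivarfs path.

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification, in on-disk (mixed-endian) byte order.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328").bytes_le
# Usual efivarfs location of dbx on Linux (assumption: efivarfs is mounted here).
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

# Authenticode SHA-256 hashes copied from the CVE description on this page.
VULNERABLE_SHIMS = {
    "AE75F0D82BA3DF824FBFC69340CC3B4D66C598373B1AB54CDB6C8BFD83A6B961": "Spyrus WTGCreator 4.2",
    "FD23D6E57DE6F4E1F9D7118DA1C5F31A8AF6BE5E5D9E8170F9493447268D50C5": "Baramundi Management Suite up to 2024R1",
    "A0DE9333442C1BF9349A460141AE5E80F911955C6506040FA3D021BF6C1AE3E4": "WhiteCanyon WipeDrive 8.0.0 through 8.1.3",
    "95B6D71FC0C0F8C5E1533A37AEF92CF6B0C961E2CC612A97117FA6759CE5FC06": "Finland Matriculation Exam Abitti 1 1.0.0",
    "236A9CB0D71951C36398A32EB660CE2CD4A52CCFA7CF751CC6A35D9DE549E19B": "NTC IT Rosa R9, R10",
    "8A964D5F8373948D20A1D4296FB92E545DAD4617A0C810F3B934B53D98AE8963": "PC-Doctor Service Center 15, 16",
}

def sha256_entries(sig_db: bytes) -> set:
    """Return the SHA-256 digests (upper-case hex) in a chain of EFI_SIGNATURE_LISTs."""
    found, off = set(), 0
    while off + 28 <= len(sig_db):
        sig_type = sig_db[off:off + 16]
        list_size, hdr_size, sig_size = struct.unpack_from("<III", sig_db, off + 16)
        if list_size < 28 or off + list_size > len(sig_db):
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID followed by the 32-byte digest.
            first = off + 28 + hdr_size
            for pos in range(first, off + list_size - sig_size + 1, sig_size):
                found.add(sig_db[pos + 16:pos + 48].hex().upper())
        off += list_size  # lists of other types (e.g. X.509) are skipped
    return found

def unblocked_shims(sig_db: bytes) -> dict:
    """Map hash -> product for every listed shim that dbx does not revoke by hash."""
    present = sha256_entries(sig_db)
    return {h: name for h, name in VULNERABLE_SHIMS.items() if h not in present}

def read_dbx(path: str = DBX_PATH) -> bytes:
    """Read dbx from efivarfs, dropping the 4-byte attribute prefix efivarfs adds."""
    with open(path, "rb") as f:
        return f.read()[4:]

if __name__ == "__main__":
    for digest, product in unblocked_shims(read_dbx()).items():
        print(f"NOT in dbx: {digest}  {product}")
```

An empty result means every listed shim image is revoked by hash on that machine; run it again after each firmware or OS-delivered DBX update.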

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
CWE-287
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 09 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description

Values Removed:
Multiple versions of UEFI SHIM bootloaders are vulnerable to SecureBoot bypass through lack of enforcement and validation SBAT. The following authenticode signatures are impacted by this disclosure:
  AE75F0D82BA3DF824FBFC69340CC3B4D66C598373B1AB54CDB6C8BFD83A6B961 - Spyrus WTGCreator version 4.2
  FD23D6E57DE6F4E1F9D7118DA1C5F31A8AF6BE5E5D9E8170F9493447268D50C5 - Baramundi Management Suite up to 2024R1
  A0DE9333442C1BF9349A460141AE5E80F911955C6506040FA3D021BF6C1AE3E4 - WhiteCanyon WipeDrive versions 8.0.0 through 8.1.3
  95B6D71FC0C0F8C5E1533A37AEF92CF6B0C961E2CC612A97117FA6759CE5FC06 - Finland Matriculation Exam Abitti 1 version 1.0.0
  236A9CB0D71951C36398A32EB660CE2CD4A52CCFA7CF751CC6A35D9DE549E19B - NTC IT Rosa R9, R10
  8A964D5F8373948D20A1D4296FB92E545DAD4617A0C810F3B934B53D98AE8963 - PC-Doctor Service Center 15, 16

Values Added:
Multiple Microsoft-signed UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. A specific UEFI DBX update is required to block these vulnerable boot loaders.

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description

Values Added:
Multiple versions of UEFI SHIM bootloaders are vulnerable to SecureBoot bypass through lack of enforcement and validation SBAT. The following authenticode signatures are impacted by this disclosure:
  AE75F0D82BA3DF824FBFC69340CC3B4D66C598373B1AB54CDB6C8BFD83A6B961 - Spyrus WTGCreator version 4.2
  FD23D6E57DE6F4E1F9D7118DA1C5F31A8AF6BE5E5D9E8170F9493447268D50C5 - Baramundi Management Suite up to 2024R1
  A0DE9333442C1BF9349A460141AE5E80F911955C6506040FA3D021BF6C1AE3E4 - WhiteCanyon WipeDrive versions 8.0.0 through 8.1.3
  95B6D71FC0C0F8C5E1533A37AEF92CF6B0C961E2CC612A97117FA6759CE5FC06 - Finland Matriculation Exam Abitti 1 version 1.0.0
  236A9CB0D71951C36398A32EB660CE2CD4A52CCFA7CF751CC6A35D9DE549E19B - NTC IT Rosa R9, R10
  8A964D5F8373948D20A1D4296FB92E545DAD4617A0C810F3B934B53D98AE8963 - PC-Doctor Service Center 15, 16

Title CVE-2026-8863
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-09T19:41:27.054Z

Reserved: 2026-05-18T19:41:10.790Z

Link: CVE-2026-8863

Vulnrichment

Updated: 2026-06-09T19:41:27.054Z

NVD

Status: Deferred

Published: 2026-06-09T19:17:59.210

Modified: 2026-06-09T21:17:26.447

Link: CVE-2026-8863

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses