UEFI SHIM SBAT Bypass in SecureBoot Bootloaders (v4.22024R1 etc)
CVE-2026-8863 Published on June 9, 2026

CVE-2026-8863
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-8863 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Products Associated with CVE-2026-8863

Want to know whenever a new CVE is published for Oracle? stack.watch will email you.

Oracle
 

Affected Versions

Oracle Corporation OracleLinux(7.2) shim: PC-Doctor Service Center Enterprise: PC-Doctor Service Center Drive Erase: PC-Doctor Service Center Japan: PC-Doctor Service Center: PC-Doctor Network Factory for Linux (Bootable Diagnostics): PC-Doctor Factory for Linux (Bootable Diagnostics): Spyrus WTGCreator: Blancco UK WhiteCanyon WipeDrive: Baramundi Software Baramundi Management Suite: Finland Matriculation Board Abitti 1: NTC IT ROSA LLC RosaLinux: NTC IT ROSA LLC RosaLinux: