VDB
CVE-2026-8863
CVE-2026-8863
PUBLISHED
CVSS 7.8 HIGH
Reported by certcc · Published June 9, 2026
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Corporation | OracleLinux(7.2) shim | 0.9 |
| PC-Doctor | Service Center Enterprise | 14 |
| PC-Doctor | Service Center Drive Erase | 15 |
| PC-Doctor | Service Center Japan | 15 |
| PC-Doctor | Service Center | 14 |
| PC-Doctor | Network Factory for Linux (Bootable Diagnostics) | 6.9 |
| PC-Doctor | Factory for Linux (Bootable Diagnostics) | 6.9 |
| Spyrus | WTGCreator | 4.2 |
| Blancco UK | WhiteCanyon WipeDrive | 8.0.0 |
| baramundi software | baramundi Management Suite | * |
| SUSE Linux | OpenSUSE shim | 0.9 |
| Finland Matriculation Board | Abitti 1 | 1.0.0 |
| NTC IT ROSA LLC | RosaLinux | R9 |
| NTC IT ROSA LLC | RosaLinux | R10 |
| baramundi software | baramundi Management Suite | * |
| Blancco UK | WhiteCanyon WipeDrive | 8.0.0, 8.0.0 |
| Baramundi Software | Baramundi Management Suite | * |
| Finland Matriculation Board | Abitti 1 | 1.0.0, 1.0.0 |
| PC-Doctor | Service Center Japan | 15, 15 |
| Oracle Corporation | OracleLinux(7.2) shim | 0.9, 0.9 |
…and 8 more
Timeline
- Jun 9, 2026 CVE Published
- Jun 10, 2026 Coalition ESS Score
- Jun 10, 2026 Security Advisory
- Jun 10, 2026 Security Advisory
- Jun 10, 2026 Security Advisory
References
- Microsoft Vendor Security Advisory vendor-advisory
- CERT/CC Vulnerability Notice third-party-advisory
- https://www.kb.cert.org/vuls/id/616257 url