{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8863", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-05-18T19:41:10.790Z", "datePublished": "2026-06-09T18:10:15.426Z", "dateUpdated": "2026-06-09T19:41:27.054Z"}, "containers": {"cna": {"title": "CVE-2026-8863", "descriptions": [{"lang": "en", "value": "Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders."}], "source": {"discovery": "EXTERNAL"}, "affected": [{"vendor": "Oracle Corporation", "product": "OracleLinux(7.2) shim", "versions": [{"status": "affected", "version": "0.9"}]}, {"vendor": "PC-Doctor", "product": "Service Center Enterprise", "versions": [{"status": "affected", "version": "14", "lessThanOrEqual": "17.0.7536.900", "versionType": "custom"}]}, {"vendor": "PC-Doctor", "product": "Service Center Drive Erase", "versions": [{"status": "affected", "version": "15", "lessThanOrEqual": "17.0.7538.592", "versionType": "custom"}]}, {"vendor": "PC-Doctor", "product": "Service Center Japan", "versions": [{"status": "affected", "version": "15", "lessThanOrEqual": "17.0.7539.904", "versionType": "custom"}]}, {"vendor": "PC-Doctor", "product": "Service Center", "versions": [{"status": "affected", "version": "14", "lessThanOrEqual": "17.0.7535.900", "versionType": "custom"}]}, {"vendor": "PC-Doctor", "product": "Network Factory for Linux (Bootable Diagnostics)", "versions": [{"status": "affected", "version": "6.9", "lessThanOrEqual": "6.20.7711.267", "versionType": "custom"}]}, {"vendor": "PC-Doctor", "product": "Factory for Linux (Bootable Diagnostics)", "versions": [{"status": "affected", "version": "6.9", "lessThanOrEqual": "6.20.7710.267", "versionType": "custom"}]}, {"vendor": "Spyrus", "product": "WTGCreator", "versions": [{"status": "affected", "version": "4.2"}]}, {"vendor": "Blancco UK", "product": "WhiteCanyon WipeDrive", "versions": [{"status": "affected", "version": "8.0.0", "lessThanOrEqual": "8.1.3", "versionType": "custom"}]}, {"vendor": "Baramundi Software", "product": "Baramundi Management Suite", "versions": [{"status": "affected", "version": "*", "lessThanOrEqual": "2024R1", "versionType": "custom"}]}, {"vendor": "Finland Matriculation Board", "product": "Abitti 1", "versions": [{"status": "affected", "version": "1.0.0"}]}, {"vendor": "NTC IT ROSA LLC", "product": "RosaLinux", "versions": [{"status": "affected", "version": "R9"}]}, {"vendor": "NTC IT ROSA LLC", "product": "RosaLinux", "versions": [{"status": "affected", "version": "R10"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}, {"descriptions": [{"lang": "en", "description": "CWE-354: Improper Validation of Integrity Check Value"}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863", "name": "Microsoft Vendor Security Advisory", "tags": ["vendor-advisory"]}, {"url": "https://kb.cert.org/vuls/id/616257", "name": "CERT/CC Vulnerability Notice", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "VINCE 3.0.42", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8863"}, "credits": [{"lang": "en", "value": "Thanks to Martin Smolar of ESET for discovering and reporting this vulnerability", "type": "finder"}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-06-09T18:47:41.698Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-09T19:03:03.811729Z", "id": "CVE-2026-8863", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T19:03:21.716Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/616257"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-09T19:41:27.054Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/616257"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-09T19:41:27.054Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-8863", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-09T19:03:03.811729Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T19:02:29.633Z"}}], "cna": {"title": "CVE-2026-8863", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Thanks to Martin Smolar of ESET for discovering and reporting this vulnerability"}], "affected": [{"vendor": "Oracle Corporation", "product": "OracleLinux(7.2) shim", "versions": [{"status": "affected", "version": "0.9"}]}, {"vendor": "PC-Doctor", "product": "Service Center Enterprise", "versions": [{"status": "affected", "version": "14", "versionType": "custom", "lessThanOrEqual": "17.0.7536.900"}]}, {"vendor": "PC-Doctor", "product": "Service Center Drive Erase", "versions": [{"status": "affected", "version": "15", "versionType": "custom", "lessThanOrEqual": "17.0.7538.592"}]}, {"vendor": "PC-Doctor", "product": "Service Center Japan", "versions": [{"status": "affected", "version": "15", "versionType": "custom", "lessThanOrEqual": "17.0.7539.904"}]}, {"vendor": "PC-Doctor", "product": "Service Center", "versions": [{"status": "affected", "version": "14", "versionType": "custom", "lessThanOrEqual": "17.0.7535.900"}]}, {"vendor": "PC-Doctor", "product": "Network Factory for Linux (Bootable Diagnostics)", "versions": [{"status": "affected", "version": "6.9", "versionType": "custom", "lessThanOrEqual": "6.20.7711.267"}]}, {"vendor": "PC-Doctor", "product": "Factory for Linux (Bootable Diagnostics)", "versions": [{"status": "affected", "version": "6.9", "versionType": "custom", "lessThanOrEqual": "6.20.7710.267"}]}, {"vendor": "Spyrus", "product": "WTGCreator", "versions": [{"status": "affected", "version": "4.2"}]}, {"vendor": "Blancco UK", "product": "WhiteCanyon WipeDrive", "versions": [{"status": "affected", "version": "8.0.0", "versionType": "custom", "lessThanOrEqual": "8.1.3"}]}, {"vendor": "Baramundi Software", "product": "Baramundi Management Suite", "versions": [{"status": "affected", "version": "*", "versionType": "custom", "lessThanOrEqual": "2024R1"}]}, {"vendor": "Finland Matriculation Board", "product": "Abitti 1", "versions": [{"status": "affected", "version": "1.0.0"}]}, {"vendor": "NTC IT ROSA LLC", "product": "RosaLinux", "versions": [{"status": "affected", "version": "R9"}]}, {"vendor": "NTC IT ROSA LLC", "product": "RosaLinux", "versions": [{"status": "affected", "version": "R10"}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863", "name": "Microsoft Vendor Security Advisory", "tags": ["vendor-advisory"]}, {"url": "https://kb.cert.org/vuls/id/616257", "name": "CERT/CC Vulnerability Notice", "tags": ["third-party-advisory"]}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.42", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8863"}, "descriptions": [{"lang": "en", "value": "Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}, {"descriptions": [{"lang": "en", "description": "CWE-354: Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-06-09T18:47:41.698Z"}}}, "cveMetadata": {"cveId": "CVE-2026-8863", "state": "PUBLISHED", "dateUpdated": "2026-06-09T19:41:27.054Z", "dateReserved": "2026-05-18T19:41:10.790Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-06-09T18:10:15.426Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders."}], "id": "CVE-2026-8863", "lastModified": "2026-06-09T21:17:26.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-06-09T19:17:59.210", "references": [{"source": "cret@cert.org", "url": "https://kb.cert.org/vuls/id/616257"}, {"source": "cret@cert.org", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/616257"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2024R1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Baramundi Management Suite", "source": "cna", "vendor": "Baramundi Software"}, "product": "baramundi_management_suite", "vendor": "baramundi_software"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.1.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WhiteCanyon WipeDrive", "source": "cna", "vendor": "Blancco UK"}, "product": "whitecanyon_wipedrive", "vendor": "blancco_uk"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.0.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Abitti 1", "source": "cna", "vendor": "Finland Matriculation Board"}, "product": "abitti_1", "vendor": "finland_matriculation_board"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[R9,R9]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "RosaLinux", "source": "cna", "vendor": "NTC IT ROSA LLC"}, "product": "rosalinux", "vendor": "ntc_it_rosa"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[R10,R10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "RosaLinux", "source": "cna", "vendor": "NTC IT ROSA LLC"}, "product": "rosalinux", "vendor": "ntc_it_rosa"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0.9,0.9]"}}], "enrichment": {"confidence": 85.0, "confidence_source": "matching", "scores": [{"score": 85.0, "source": "matching"}]}, "original": {"product": "OracleLinux(7.2) shim", "source": "cna", "vendor": "Oracle Corporation"}, "product": "oracle_linux", "vendor": "oracle_corporation"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.9,6.20.7710.267]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Factory for Linux (Bootable Diagnostics)", "source": "cna", "vendor": "PC-Doctor"}, "product": "factory_for_linux", "vendor": "pc-doctor"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.9,6.20.7711.267]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Network Factory for Linux (Bootable Diagnostics)", "source": "cna", "vendor": "PC-Doctor"}, "product": "network_factory_for_linux", "vendor": "pc-doctor"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[14,17.0.7535.900]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Service Center", "source": "cna", "vendor": "PC-Doctor"}, "product": "service_center", "vendor": "pc-doctor"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[15,17.0.7538.592]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Service Center Drive Erase", "source": "cna", "vendor": "PC-Doctor"}, "product": "service_center_drive_erase", "vendor": "pc-doctor"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[14,17.0.7536.900]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Service Center Enterprise", "source": "cna", "vendor": "PC-Doctor"}, "product": "service_center_enterprise", "vendor": "pc-doctor"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[15,17.0.7539.904]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Service Center Japan", "source": "cna", "vendor": "PC-Doctor"}, "product": "service_center_japan", "vendor": "pc-doctor"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[4.2,4.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WTGCreator", "source": "cna", "vendor": "Spyrus"}, "product": "wtgcreator", "vendor": "spyrus"}], "created": "2026-06-09T21:15:05.705783+00:00", "title": "UEFI SHIM SecureBoot Bypass in Multiple Microsoft\u2011Signed Bootloaders", "updated": "2026-06-10T11:22:18.952619+00:00", "vendors": ["baramundi_software", "baramundi_software$PRODUCT$baramundi_management_suite", "blancco_uk", "blancco_uk$PRODUCT$whitecanyon_wipedrive", "finland_matriculation_board", "finland_matriculation_board$PRODUCT$abitti_1", "ntc_it_rosa", "ntc_it_rosa$PRODUCT$rosalinux", "oracle_corporation", "oracle_corporation$PRODUCT$oracle_linux", "pc-doctor", "pc-doctor$PRODUCT$factory_for_linux", "pc-doctor$PRODUCT$network_factory_for_linux", "pc-doctor$PRODUCT$service_center", "pc-doctor$PRODUCT$service_center_drive_erase", "pc-doctor$PRODUCT$service_center_enterprise", "pc-doctor$PRODUCT$service_center_japan", "spyrus", "spyrus$PRODUCT$wtgcreator"], "weaknesses": ["CWE-284", "CWE-287"]}