CVE-2026-48576

Published Jun 9, 2026

Last updated 19 hours ago

CVSS high 7.9

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-48576 is a security feature bypass vulnerability affecting Microsoft Windows Secure Boot. This flaw arises from the system's reliance on a component that is not updateable, meaning it cannot be patched to address underlying weaknesses or bugs. Exploitation of CVE-2026-48576 requires local access and allows an authorized attacker to bypass a security feature within the Windows Secure Boot mechanism. Microsoft released a security update on June 9, 2026, to address this issue.

Description
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Source
secure@microsoft.com
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.9
Impact score
5.8
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-1329

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

9

  1. 10 Secure Boot & BitLocker bypasses I reported are fixed in today's Patch Tuesday: CVE-2026-45588, CVE-2026-45654, CVE-2026-45655, CVE-2026-45656, CVE-2026-48568, CVE-2026-48570, CVE-2026-48573, CVE-2026-48575, CVE-2026-48576, CVE-2026-48578 Advisory: https://t.co/NkC6qGL9

    @alon_leviev

    9 Jun 2026

    4726 Impressions

    13 Retweets

    68 Likes

    12 Bookmarks

    2 Replies

    0 Quotes

References

Sources include official advisories and independent security research.