CVE-2026-48578

Published Jun 9, 2026

Last updated 20 hours ago

CVSS high 7.9

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-48578 is a security feature bypass vulnerability found in Windows Secure Boot. It stems from a protection mechanism failure that allows an authorized attacker with local access to bypass a security feature. The vulnerability specifically involves a flaw in how the system validates certificate chains and manages trust relationships between security components. This enables an attacker to manipulate the boot process by substituting malicious certificates for legitimate ones, potentially leading to privilege escalation and the installation of persistent malware below the operating system level.

Description
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Source
secure@microsoft.com
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.9
Impact score
5.8
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-284

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

9

  1. 10 Secure Boot & BitLocker bypasses I reported are fixed in today's Patch Tuesday: CVE-2026-45588, CVE-2026-45654, CVE-2026-45655, CVE-2026-45656, CVE-2026-48568, CVE-2026-48570, CVE-2026-48573, CVE-2026-48575, CVE-2026-48576, CVE-2026-48578 Advisory: https://t.co/NkC6qGL9

    @alon_leviev

    9 Jun 2026

    4845 Impressions

    14 Retweets

    70 Likes

    12 Bookmarks

    2 Replies

    0 Quotes

References

Sources include official advisories and independent security research.