CVE-2026-8863_CVE-2026-8863

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.

Basic Information

ID CVE-2026-8863

Source certcc

Published Jun 9, 2026 at 18:10

Modified Jun 9, 2026 at 19:41

Affected Product

Vendor Oracle Corporation

Product OracleLinux(7.2) shim

Version 0.9

Affected Versions Oracle Corporation OracleLinux(7.2) shim 0.9
PC-Doctor Service Center Enterprise 14
PC-Doctor Service Center Drive Erase 15
PC-Doctor Service Center Japan 15
PC-Doctor Service Center 14
PC-Doctor Network Factory for Linux (Bootable Diagnostics) 6.9
PC-Doctor Factory for Linux (Bootable Diagnostics) 6.9
Spyrus WTGCreator 4.2
Blancco UK WhiteCanyon WipeDrive 8.0.0
Baramundi Software Baramundi Management Suite *
Finland Matriculation Board Abitti 1 1.0.0
NTC IT ROSA LLC RosaLinux R9
NTC IT ROSA LLC RosaLinux R10

References

{
    "lastseen": "",
    "description": "Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.",
    "published": "2026-06-09T18:10:15.426Z",
    "modified": "2026-06-09T19:41:27.054Z",
    "type": "cve",
    "title": "CVE-2026-8863",
    "source": "certcc",
    "references": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863\nhttps://kb.cert.org/vuls/id/616257",
    "id": "CVE-2026-8863",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Oracle Corporation OracleLinux(7.2) shim 0.9\nPC-Doctor Service Center Enterprise 14\nPC-Doctor Service Center Drive Erase 15\nPC-Doctor Service Center Japan 15\nPC-Doctor Service Center 14\nPC-Doctor Network Factory for Linux (Bootable Diagnostics) 6.9\nPC-Doctor Factory for Linux (Bootable Diagnostics) 6.9\nSpyrus WTGCreator 4.2\nBlancco UK WhiteCanyon WipeDrive 8.0.0\nBaramundi Software Baramundi Management Suite *\nFinland Matriculation Board Abitti 1 1.0.0\nNTC IT ROSA LLC RosaLinux R9\nNTC IT ROSA LLC RosaLinux R10",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OracleLinux(7.2) shim",
    "version": "0.9",
    "vendor": "Oracle Corporation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply