Security Feature Bypass in Microsoft Windows Secure Boot
CVE-2026-41097

6.7MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows 10 Version 21h2; Windows 10 Version 22h2; Windows 11 Version 22h3
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-41097?

A vulnerability in Microsoft Windows Secure Boot arises from the reliance on a component that cannot be updated. This flaw allows an authorized attacker the capability to bypass the intended security measures locally, leading to potential exposure of the system’s integrity and confidentiality. It underscores the importance of regular security assessments and timely updates to mitigate risks associated with unpatchable components.

Affected Version(s)

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8755

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7291

Windows 10 Version 22H2 32-bit Systems 10.0.19045.0 < 10.0.19045.7291

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 16, 2026

CVE-2026-41097 Data

JSON