Zero Day Monitor (ZDM)
CVE-2026-0390 · PATCHED · 6.7
Microsoft · Windows 10 Version 1607

UEFI Secure Boot Security Feature Bypass Vulnerability

Description

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 Version 1607 | 10.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0 |

Also Affects

Downstream vendors/products affected by this vulnerability

| Vendor | Product | Source | Confidence |
|---|---|---|---|
| microsoft | windows 10 version 22h2 | mitre_affected | 90% |
| microsoft | windows server 2019 (server core installation) | mitre_affected | 90% |
| microsoft | windows 10 version 21h2 | mitre_affected | 90% |
| microsoft | windows server 2016 (server core installation) | mitre_affected | 90% |
| microsoft | windows 10 version | mitre_affected | 90% |

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0390 (vendor-advisory, patch)

Related News (3 articles)

  • Tier C · Qualys Blog · 4h ago: Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review → No new info (linked only)
  • Tier C · VulDB · 7h ago: CVE-2026-0390 | Microsoft Windows up to Server 2022 UEFI Secure Boot reliance on untrusted inputs in a security decision → No new info (linked only)
  • Tier A · Microsoft MSRC · 11h ago: CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability → No new info (linked only)

CVSS 3.1: 6.7 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 10.0.14393.9060, 10.0.17763.8644, 10.0.19044.7184, 10.0.19045.7184, 10.0.20348.5020
CWE: CWE-807
Published: Apr 14, 2026
Last enriched: 7h ago (v2)
Tags: CVE-2026-0390
Trending Score: 43
Source articles: 3
Independent: 3
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack


Related CVEs (5)

  • CVE-2026-32201 · MEDIUM · EXP, KEV: Microsoft SharePoint Server Spoofing Vulnerability (Trending: 142)
  • CVE-2026-33824 · CRITICAL · EXP: Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability (Trending: 68)
  • CVE-2026-32075 · HIGH · EXP: Windows UPnP Device Host Elevation of Privilege Vulnerability (Trending: 66)
  • CVE-2026-32071 · HIGH · EXP: Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability (Trending: 66)
  • CVE-2026-32093 · HIGH · EXP: Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability (Trending: 66)

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Apr 14, 2026
  • Discovered by ZDM: Apr 14, 2026
  • Updated: tags: Apr 14, 2026
  • Patch Available: Apr 14, 2026

Version History

v2 · Last enriched 7h ago

  • v2 · Tier C · 7h ago · tags · via VulDB: Updated severity to CRITICAL, added new description, and included CVE-2026-0390 as a tag.
  • v1 · 7h ago: Initial creation