Zero Day MonitorZDM

← Back to list

6.7

CVE-2026-0390PATCHED

Microsoft · Windows 10 Version 1607

UEFI Secure Boot Security Feature Bypass Vulnerability

Description

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Affected Products

Vendor	Product	Versions
Microsoft	Windows 10 Version 1607	10.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	windows 10 version 22h2	mitre_affected	90%
microsoft	windows server 2019 (server core installation)	mitre_affected	90%
microsoft	windows 10 version 21h2	mitre_affected	90%
microsoft	windows server 2016 (server core installation)	mitre_affected	90%
microsoft	windows 10 version	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0390(vendor-advisory, patch)

Related News (3 articles)

Tier C

Qualys Blog3h ago

Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review

→ No new info (linked only)

Tier C

VulDB6h ago

CVE-2026-0390 | Microsoft Windows up to Server 2022 UEFI Secure Boot reliance on untrusted inputs in a security decision

→ No new info (linked only)

Tier A

Microsoft MSRC9h ago

CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability

→ No new info (linked only)

CVSS 3.16.7 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited❌ No

Patch available

10.0.14393.906010.0.17763.864410.0.19044.718410.0.19045.718410.0.20348.5020

CWECWE-807

PublishedApr 14, 2026

Last enriched5h agov2

Tags

CVE-2026-0390

Trending Score43

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-32201EXPKEV

Microsoft SharePoint Server Spoofing Vulnerability

HIGHCVE-2026-26171EXP

.NET Denial of Service Vulnerability

CRITICALCVE-2026-33824EXP

Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

HIGHCVE-2026-32071EXP

Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

HIGHCVE-2026-32075EXP

Windows UPnP Device Host Elevation of Privilege Vulnerability

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: tags

Apr 14, 2026

Patch Available

Apr 14, 2026

Version History

v2

Last enriched 5h ago

v2Tier C5h ago

Updated severity to CRITICAL, added new description, and included CVE-2026-0390 as a tag.

tags

via VulDB

v16h ago

Initial creation