
CVE-2026-35273: Multi-Vendor UEFI Shim — Secure Boot Bypass Risk (June 2026)
CVE-2026-35273 is a vulnerability in outdated UEFI shim bootloaders, rated critical, that lets attackers bypass Secure Boot protections. Exploitation allows unsigned or malicious code to execute during the earliest boot phase, evading endpoint detection and persisting across reboots and OS reinstalls. There is no confirmation of active exploitation as of June 2026, but the risk profile is severe due to the attack surface and supply chain implications.
Attack Vector
Attackers leverage a Bring Your Own Vulnerable Driver (BYOVD) approach, introducing a compromised or outdated UEFI shim bootloader into the boot chain. This enables early-stage code execution before the operating system loads, bypassing Secure Boot and allowing unsigned kernel components or rootkits to persist. No specific IOCs are provided, but monitoring for unauthorized bootloader changes or unexpected boot chain modifications is advised.
Who Is at Risk
Organizations using Microsoft, Red Hat, CentOS, Oracle, openSUSE, and WhiteCanyon platforms with outdated UEFI shim bootloaders are directly affected. Both physical and virtual deployments are at risk, especially in environments where Secure Boot is relied upon for firmware integrity and supply chain assurance.
Patch & Mitigate
- Patch: Upgrade to the latest vendor-supplied UEFI shim bootloader immediately. Check vendor advisories for patched versions and apply updates without delay.
- Workaround: Restrict physical and remote access to boot configuration. Block unsigned bootloaders via firmware settings where possible.
- Detect: Audit bootloader integrity, monitor for unauthorized changes to EFI partitions, and review boot logs for unexpected or unsigned components.
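The Detect step above, sketched as an added example (not from the source advisory or any vendor): a baseline-and-compare check over the `.efi` binaries on a mounted EFI System Partition. The function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(esp_root):
    """Map each EFI binary under esp_root to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(esp_root):
        for name in files:
            if not name.lower().endswith(".efi"):
                continue
            full = os.path.join(dirpath, name)
            # FAT is case-insensitive: normalise so a case change alone is not a finding.
            rel = os.path.relpath(full, esp_root).replace(os.sep, "/").lower()
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            result[rel] = h.hexdigest()
    return result

def compare(baseline, current):
    """Return EFI binaries added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed ESP layout with placeholder contents, not real binaries."""
    with tempfile.TemporaryDirectory() as esp:
        _write(esp, "EFI/BOOT/BOOTX64.EFI", b"constructed shim v1")
        _write(esp, "EFI/vendor/grubx64.efi", b"constructed grub")
        baseline = snapshot(esp)
        # Constructed boot-chain change of the kind the Detect step looks for.
        _write(esp, "EFI/BOOT/BOOTX64.EFI", b"constructed older shim")
        _write(esp, "EFI/vendor/extra.efi", b"constructed unknown loader")
        return compare(baseline, snapshot(esp))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be serialised and kept off the monitored host, and refreshed after each legitimate vendor shim update so that the expected hash change is not reported again.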
MITRE ATT&CK
- TA0005 — Defense Evasion: Attackers bypass Secure Boot, evading standard security controls.
- TA0007 — Persistence: Malicious code persists across reboots and OS reinstalls via a compromised bootloader.
- TA0040 — Impact: Early boot compromise threatens firmware supply chain and platform trust.
Source: https://securityonline.info/vulnerable-uefi-shim-bootloaders

