CVE-2026-41097: Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

21 ranges

Vendor	Product	Version range	Fixed in
microsoft	windows_10_1809	< 10.0.17763.8755	10.0.17763.8755
microsoft	windows_10_21h2	< 10.0.19044.7291	10.0.19044.7291
microsoft	windows_10_22h2	< 10.0.19045.7291	10.0.19045.7291
microsoft	windows_10_version_1809	>= 10.0.17763.0 < 10.0.17763.8755	10.0.17763.8755
microsoft	windows_10_version_21h2	>= 10.0.19044.0 < 10.0.19044.7291	10.0.19044.7291
microsoft	windows_10_version_22h2	>= 10.0.19045.0 < 10.0.19045.7291	10.0.19045.7291
microsoft	windows_11_23h2	< 10.0.22631.7079	10.0.22631.7079
microsoft	windows_11_24h2	< 10.0.26100.8390	10.0.26100.8390
microsoft	windows_11_25h2	< 10.0.26200.8390	10.0.26200.8390
microsoft	windows_11_26h1	< 10.0.28000.2113	10.0.28000.2113
microsoft	windows_11_version_23h2	>= 10.0.22631.0 < 10.0.22631.7079	10.0.22631.7079
microsoft	windows_11_version_24h2	>= 10.0.26100.0 < 10.0.26100.8457	10.0.26100.8457
microsoft	windows_11_version_25h2	>= 10.0.26200.0 < 10.0.26200.8457	10.0.26200.8457
microsoft	windows_11_version_26h1	>= 10.0.28000.0 < 10.0.28000.2113	10.0.28000.2113
microsoft	windows_server_2019	< 10.0.17763.8755	10.0.17763.8755
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.8755	10.0.17763.8755
microsoft	windows_server_2022	< 10.0.20348.5074	10.0.20348.5074
microsoft	windows_server_2022	>= 10.0.20348.0 < 10.0.20348.5139	10.0.20348.5139
microsoft	windows_server_2022_23h2	< 10.0.25398.2330	10.0.25398.2330
microsoft	windows_server_2025	< 10.0.26100.32772	10.0.26100.32772
microsoft	windows_server_2025	>= 10.0.26100.0 < 10.0.26100.32860	10.0.26100.32860