{"vulnerability": "CVE-2026-10797", "sightings": [{"uuid": "aa9ec4fb-9265-4e94-9779-3a9f050ee187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlusqj43c24", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:49.458399Z"}, {"uuid": "7995ac18-c268-46f8-99a5-bd957b88e039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlustra4c24", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:49.932318Z"}, {"uuid": "cb47e7ea-4bd5-4836-a18c-914bf8e1d531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlustrgx224", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:50.372893Z"}, {"uuid": "e38ebf78-1e6b-4dfc-8dab-15c012296ef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlustrku224", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:50.841603Z"}, {"uuid": "fee2f5f6-4982-4eef-8e94-e3ec635db9ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlustror224", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:51.314759Z"}, {"uuid": "0fff37c0-c74f-4900-abc7-0b8e1b00db72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://infosec.exchange/users/ESETresearch/statuses/116917582564392811", "content": "#ESETresearch discovered and reported to @certcc 11 old Microsoft-signed UEFI shim bootloaders that allow bypassing UEFI Secure Boot on most UEFI systems. Read about it at https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/ Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \nhttps://www.cve.org/CVERecord?id=CVE-2026-8863 \nhttps://www.cve.org/CVERecord?id=CVE-2026-10797Exploiting these vulnerable shims allows execution of untrusted code at system boot by using the Bring Your Own Vulnerable Driver (#BYOVD) technique, enabling deployment of malicious UEFI bootkits on systems that trust the Microsoft Corporation UEFI CA 2011 certificate. What makes these old shims dangerous is not a novel vulnerability, it\u2019s that no new vulnerability is needed to bypass Secure Boot. Just an old, still-trusted, unrevoked shim and basic knowledge of how UEFI works is enough to bypass UEFI Secure Boot and deploy a UEFI bootkit. For more details and instructions on how to verify that the dbx patches were properly applied on your system, read our blogpost:https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/", "creation_timestamp": "2026-07-14T09:19:03.143941Z"}]}