PT-2026-2766 · Microsoft · Corporation Kek Ca 2011+3

Published 2026-01-13 · Updated 2026-03-10 · CVE-2026-21265

CVSS v3.1: 6.4 Medium

Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Windows versions (affected versions not specified)
Windows Server versions (affected versions not specified)

Description

The issue centers around the approaching expiration of Microsoft certificates used in Windows Secure Boot, specifically those stored in the UEFI KEK and DB. These certificates, originally issued in 2011, are set to expire in June and October 2026. The expiration of these certificates could weaken boot integrity or cause boot failures if updated certificates are not deployed. The operating system’s certificate update mechanism relies on firmware components that may have defects, potentially leading to failures or unpredictable behavior during certificate trust updates. This could disrupt the Secure Boot trust chain. The vulnerability allows attackers to affect the system by bypassing security features. The issue impacts devices globally that utilize Secure Boot. The vulnerability is actively exploited.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2026-00477
CVE-2026-21265

Affected Products

Corporation Kek Ca 2011
Corporation Uefi Ca 2011
Windows Production Pca 2011
Windows