cve-2026-48578

CVE-2026-48578 is an Important-rated Windows Secure Boot security feature bypass vulnerability published by Microsoft on June 9, 2026. It allows a highly privileged local attacker to defeat Secure Boot protections across supported Windows client and server releases. Microsoft states exploitation is less likely and not known to be public or active, but the vulnerability is confirmed and patched. The fix is included in the June 2026 Patch Tuesday updates. This vulnerability highlights that Secure Boot is a chain of trust that can fail at unexpected links. Users should install the update to protect their systems.