{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T23:18:57.081","vulnerabilities":[{"cve":{"id":"CVE-2026-21265","sourceIdentifier":"secure@microsoft.com","published":"2026-01-13T18:16:25.053","lastModified":"2026-01-14T20:23:43.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot.\nThe operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees.\n\n\n\nCertificate Authority (CA)\nLocation\nPurpose\nExpiration Date\n\n\n\n\nMicrosoft Corporation KEK CA 2011\nKEK\nSigns updates to the DB and DBX\n06/24/2026\n\n\nMicrosoft Corporation UEFI CA 2011\nDB\nSigns 3rd party boot loaders, Option ROMs, etc.\n06/27/2026\n\n\nMicrosoft Windows Production PCA 2011\nDB\nSigns the Windows Boot Manager\n10/19/2026\n\n\n\nFor more information see this CVE and Windows Secure Boot certificate expiration and CA updates."},{"lang":"es","value":"Secure Boot de Windows almacena certificados de Microsoft en el KEK y DB de UEFI. Estos certificados originales están próximos a caducar, y los dispositivos que contienen versiones de certificados afectadas deben actualizarlos para mantener la funcionalidad de Secure Boot y evitar comprometer la seguridad al perder las correcciones de seguridad relacionadas con el gestor de arranque de Windows o Secure Boot.\nEl mecanismo de protección de actualización de certificados del sistema operativo se basa en componentes de firmware que podrían contener defectos, lo que puede hacer que las actualizaciones de confianza de los certificados fallen o se comporten de manera impredecible. Esto lleva a una posible interrupción de la cadena de confianza de Secure Boot y requiere una validación y un despliegue cuidadosos para restaurar las garantías de seguridad previstas.\n\nAutoridad de Certificación (CA)\nUbicación\nPropósito\nFecha de Vencimiento\n\nMicrosoft Corporation KEK CA 2011\nKEK\nFirma las actualizaciones de la DB y DBX\n24/06/2026\n\nMicrosoft Corporation UEFI CA 2011\nDB\nFirma cargadores de arranque de terceros, ROMs de opción, etc.\n27/06/2026\n\nMicrosoft Windows Production PCA 2011\nDB\nFirma el Gestor de Arranque de Windows\n19/10/2026\n\nPara más información, consulte este CVE y el vencimiento de los certificados de Secure Boot de Windows y las actualizaciones de CA."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1329"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.8783","matchCriteriaId":"9A956D23-259E-450B-8406-FEB2BBED1F39"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.8783","matchCriteriaId":"41D387B9-5E9D-47CB-B044-D7D10FFFB458"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.8276","matchCriteriaId":"DD4CBDAB-7626-4048-8474-B1BD9C1F3255"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.8276","matchCriteriaId":"A6D4C631-2CC0-407C-9ACA-7C151006598C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.6809","matchCriteriaId":"9CFC3200-1FAB-4AB1-A008-F703EEF3505A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.6809","matchCriteriaId":"E481E93D-D86E-4B65-93E5-200327C348C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.6809","matchCriteriaId":"F720EC9F-6A33-445F-AFA1-794405737E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.6809","matchCriteriaId":"85E22F96-B552-4BBA-AFA1-85C1FC55DB32"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.6809","matchCriteriaId":"5ACD940D-CA6A-402B-B132-E5A66139C44F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.6809","matchCriteriaId":"354AD10F-EEF4-461D-BDBB-245B97E3D420"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.22631.6491","matchCriteriaId":"7D2B0BB9-E94A-420E-8E53-A4C1136DE73E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.22631.6491","matchCriteriaId":"78C4B71B-5345-4D83-A0A9-A15F783CF9A9"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.7623","matchCriteriaId":"208734FD-5175-4856-9D08-ED6CFF64AA14"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.7623","matchCriteriaId":"846261D4-ECC2-4DCB-8F8F-F27F8C99F061"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.7623","matchCriteriaId":"33E138A3-968B-4109-AC13-D488685F0AF2"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.7623","matchCriteriaId":"CC1FE5A1-3E6E-4606-899B-BF7BF3D3DD8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.8783","matchCriteriaId":"A059E609-F8D4-4246-BDAE-0AEDED1744D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.8276","matchCriteriaId":"A74970A1-CC81-4482-B465-8382B1544EF3"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.4648","matchCriteriaId":"C4AA6991-DE34-48F6-AFD3-77CEE7FBB692"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.25398.2092","matchCriteriaId":"BA5947E0-C44C-4517-A307-DA79752F30A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.32230","matchCriteriaId":"D44880ED-E8E9-49A8-BD56-503C63D40000"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21265","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}}]}