Nearly a dozen Unified Extensible Firmware Interface (UEFI) shim bootloaders signed by Microsoft allow attackers to bypass Secure Boot protections, ESET warns.
Small, trusted pieces of software bridge a computer motherboard’s UEFI firmware and the operating system, typically a Linux distribution, enabling the machine to boot with Secure Boot enabled.
By using Microsoft-signed UEFI shim bootloaders, Linux distributions can establish a trust model without requiring individual keys to be built into the motherboard’s NVRAM. The shims allow bootloaders, kernels, and other components to run during Secure Boot.
While various vulnerabilities have been addressed in the open source shim project over time, not all vendors updated their bootloaders, and these older shims remained signed and trusted within the Secure Boot chain, exposing systems to potential attacks.
According to ESET, 11 such old, forgotten UEFI shims, primarily from version 0.9 and earlier, lingered around until revoked by Microsoft on June 2026 Patch Tuesday. Two CVEs were assigned, namely CVE-2026-8863 and CVE-2026-10797.










