CVE-2026-41097

Analyzed Analyzed - Analysis Complete

BaseFortify

Publication date: 2026-05-12

Last updated on: 2026-05-15

Assigner: Microsoft Corporation

Description

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-12

Last Modified

2026-05-15

Generated

2026-06-30

EPSS Evaluated

2026-06-28

NVD

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	windows_10_1809	to 10.0.17763.8755 (exc)
microsoft	windows_10_21h2	to 10.0.19044.7291 (exc)
microsoft	windows_10_22h2	to 10.0.19045.7291 (exc)
microsoft	windows_11_23h2	to 10.0.22631.7079 (exc)
microsoft	windows_11_24h2	to 10.0.26100.8390 (exc)
microsoft	windows_11_25h2	to 10.0.26200.8390 (exc)
microsoft	windows_11_26h1	to 10.0.28000.2113 (exc)
microsoft	windows_server_2019	to 10.0.17763.8755 (exc)
microsoft	windows_server_2022	to 10.0.20348.5074 (exc)
microsoft	windows_server_2022_23h2	to 10.0.25398.2330 (exc)
microsoft	windows_server_2025	to 10.0.26100.32772 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-1329	The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.

Attack-Flow Graph

AI Quick Actions have not been generated yet.

Hi! I’m here to help you understand CVE-2026-41097. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

EPSS Chart

Thank you illustration

Thank you for your feedback!

Your input helps us improve and create a better experience for you. We appreciate your time!