What is CVE-2026-21265?

CVE-2026-21265 is a medium-severity vulnerability in Microsoft Windows 10 Version 1607, classified under CWE-1329. CVSS score: 6.4/10. Published 2026-01-13.

How severe is CVE-2026-21265?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Vulnerability in Microsoft Windows 10 Version 1607

CVE-2026-21265

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality a…

EPSS: 0.008 (74.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C.

Affected products

Microsoft Windows 10 Version 1607 — versions 10.0.14393.0
Microsoft Windows 10 Version 1809 — versions 10.0.17763.0
Microsoft Windows 10 Version 21h2 — versions 10.0.19044.0
Microsoft Windows 10 Version 22h2 — versions 10.0.19045.0
Microsoft Windows 11 Version 22h3 — versions 10.0.22631.0
Microsoft Windows 11 Version 23h2 — versions 10.0.22631.0
Microsoft Windows 11 Version 24h2 — versions 10.0.26100.0
Microsoft Windows 11 Version 25h2 — versions 10.0.26200.0
Microsoft Windows Server 2012 — versions 6.2.9200.0
Microsoft Windows Server 2012 R2 — versions 6.3.9600.0

Weakness classification (CWE)

CWE-1329

References

Secure Boot Certificate Expiration Security Feature Bypass Vulnerability (vendor-advisory, patch)

Frequently asked questions

What is CVE-2026-21265?: CVE-2026-21265 is a medium-severity vulnerability in Microsoft Windows 10 Version 1607, classified under CWE-1329. CVSS score: 6.4/10. Published 2026-01-13.
How severe is CVE-2026-21265?: Medium severity. CVSS v3 base score is 6.4 out of 10.