Windows Biometric Service Can Be Bypassed with Physical Attack

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.1

Windows Biometric Service Can Be Bypassed with Physical Attack

CVE-2026-32088

Summary

An attacker can bypass security features in the Windows Biometric Service if they can execute multiple actions at the same time, potentially allowing unauthorized access. This requires a physical attack, and is a serious issue for systems that rely on biometric authentication. Users should update the Windows Biometric Service to the latest version to protect their systems.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical...

Original description

nvd CVSS3.1 6.1

Vulnerability type

CWE-362 Race Condition

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32088

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026