Windows Hello Bypass Vulnerability in Windows

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.4

Windows Hello Bypass Vulnerability in Windows

CVE-2026-27906

Summary

An attacker with local access can bypass Windows Hello security by entering invalid input, potentially allowing them to access your device or data. This vulnerability affects Windows devices that use Windows Hello for biometric authentication. To protect your device, ensure to keep your operating system and software up to date with the latest security patches.

Original title

Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.

Original description

Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.

nvd CVSS3.1 4.4

Vulnerability type

CWE-20 Improper Input Validation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27906

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026