Scan free
Pending AnalysisCVE-2026-27928

CVE-2026-27928: Network Bypass in Windows Hello

Platform

windows

Component

windows-hello

Fixed in

10.0.26100.32690

View on NVD
Save

CVE-2026-27928 describes an improper input validation vulnerability within Windows Hello. This flaw allows an unauthorized attacker to bypass a security feature over a network connection, potentially leading to unauthorized access. The vulnerability affects Windows 10 versions up to and including 10.0.26100.32690. Microsoft has released a security update to address this issue.

Impact and Attack Scenarios

The core impact of CVE-2026-27928 lies in the ability for a remote attacker to circumvent a security feature within Windows Hello. This bypass could allow an attacker to gain unauthorized access to a user's account or device without proper authentication. The attacker would need network access to the target system to exploit this vulnerability. While the specific security feature bypassed isn't detailed, the potential for unauthorized access represents a significant security risk, particularly in environments where Windows Hello is relied upon for strong authentication. Successful exploitation could lead to data breaches, system compromise, and further lateral movement within the network.

Exploitation Context

CVE-2026-27928 was published on April 14, 2026. Its severity is rated HIGH (CVSS: 8.7). Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, and the EPSS score is pending evaluation. Active exploitation campaigns are not currently known.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

0.08% (23% percentile)

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C8.7HIGHAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityHighConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeChangedImpact beyond the vulnerable componentConfidentialityHighRisk of sensitive data exposureIntegrityHighRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
High — requires a race condition, non-default configuration, or specific circumstances. Harder to exploit reliably.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componentwindows-hello
VendorMicrosoft
Maximum version10.0.26100.32690
Fixed in10.0.26100.32690

Weakness Classification (CWE)

CWE-20

Timeline

  1. Published
  2. Modified
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2026-27928 is to upgrade affected Windows 10 systems to version 10.0.26100.32690 or later. Microsoft's security update directly addresses the improper input validation issue. If immediate patching is not feasible, consider segmenting the network to limit the attacker's ability to reach vulnerable systems. While a WAF or proxy cannot directly mitigate this vulnerability, they can help detect and block suspicious network traffic. Regularly review Windows Hello configuration settings to ensure they align with security best practices.

How to fix

Instale las actualizaciones de seguridad de Microsoft para proteger su sistema. Estas actualizaciones corrigen una vulnerabilidad que permite a un atacante no autorizado omitir una característica de seguridad de Windows Hello a través de una red.  Asegúrese de aplicar las actualizaciones lo antes posible para mitigar el riesgo.

Frequently asked questions

What is CVE-2026-27928 — Network Bypass in Windows Hello?

CVE-2026-27928 is a HIGH severity vulnerability affecting Windows Hello. It allows an attacker to bypass a security feature over a network, potentially leading to unauthorized access. The CVSS score is 8.7.

Am I affected by CVE-2026-27928 in Windows Hello?

You are affected if you are running Windows 10 versions ≤10.0.26100.32690. Check your system's version and apply the security update if necessary.

How do I fix CVE-2026-27928 in Windows Hello?

Upgrade your Windows 10 system to version 10.0.26100.32690 or later. This update directly addresses the improper input validation issue.

Is CVE-2026-27928 being actively exploited?

As of the current assessment, there are no known active exploitation campaigns targeting CVE-2026-27928.

Where can I find the official Microsoft advisory for CVE-2026-27928?

Refer to the official Microsoft Security Update Guide for CVE-2026-27928: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27928](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27928)

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs
livefree scan

Try it now — no account

Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.

Manual scanSlack/email alertsContinuous monitoringWhite-label reports

Drag & drop your dependency file

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...