4.4
CVE-2026-27906
- EPSS 0.09%
- Veröffentlicht 14.04.2026 16:57:08
- Zuletzt bearbeitet 23.04.2026 17:46:58
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Windows Hello Security Feature Bypass Vulnerability
Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 21h2 HwPlatformarm64 Version < 10.0.19044.7184
Microsoft ≫ Windows 10 21h2 HwPlatformx64 Version < 10.0.19044.7184
Microsoft ≫ Windows 10 21h2 HwPlatformx86 Version < 10.0.19044.7184
Microsoft ≫ Windows 10 22h2 HwPlatformarm64 Version < 10.0.19045.7184
Microsoft ≫ Windows 10 22h2 HwPlatformx64 Version < 10.0.19045.7184
Microsoft ≫ Windows 10 22h2 HwPlatformx86 Version < 10.0.19045.7184
Microsoft ≫ Windows 11 23h2 HwPlatformarm64 Version < 10.0.22631.6936
Microsoft ≫ Windows 11 23h2 HwPlatformx64 Version < 10.0.22631.6936
Microsoft ≫ Windows 11 24h2 HwPlatformarm64 Version < 10.0.26100.8246
Microsoft ≫ Windows 11 24h2 HwPlatformx64 Version < 10.0.26100.8246
Microsoft ≫ Windows 11 25h2 HwPlatformarm64 Version < 10.0.26200.8246
Microsoft ≫ Windows 11 25h2 HwPlatformx64 Version < 10.0.26200.8246
Microsoft ≫ Windows 11 26h1 HwPlatformarm64 Version < 10.0.28000.1836
Microsoft ≫ Windows 11 26h1 HwPlatformx64 Version < 10.0.28000.1836
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.252 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.