CVE-2026-27913

CWE-20 — Improper Input Validation2 documents2 sources

Severity

7.7HIGH

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

9

Microsoft Windows Server 2012 Microsoft Windows Server 2012 (server Core Installation)Microsoft Windows Server 2012 R2 +6 more

Timeline

PublishedApr 14

Description

Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.5 | Impact: 5.2

Affected Packages9 packages

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.26026

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.9060

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.8644

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.5020

▶CVEListV5microsoft/windows_server_2012_r26.3.9600.0 — 6.3.9600.23132

🔴Vulnerability Details

1

CVEList

Windows BitLocker Security Feature Bypass Vulnerability↗2026-04-14

▶

CVE-2026-27913 (HIGH CVSS 7.7) | Improper input validation in Window | cvebase.io