{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27928", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-24T21:35:49.688Z", "datePublished": "2026-04-14T16:58:13.895Z", "dateUpdated": "2026-05-12T17:39:09.030Z"}, "containers": {"cna": {"title": "Windows Hello Security Feature Bypass Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.8644"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.8644"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.20348.0", "versionEndExcluding": "10.0.20348.5020"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.26100.0", "versionEndExcluding": "10.0.26100.32690"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.25398.0", "versionEndExcluding": "10.0.25398.2274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.26100.0", "versionEndExcluding": "10.0.26100.32690"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.14393.0", "versionEndExcluding": "10.0.14393.9060"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.14393.0", "versionEndExcluding": "10.0.14393.9060"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2016", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.14393.0", "lessThan": "10.0.14393.9060", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.14393.0", "lessThan": "10.0.14393.9060", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.8644", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.8644", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.20348.0", "lessThan": "10.0.20348.5020", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.25398.0", "lessThan": "10.0.25398.2274", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2025", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.26100.0", "lessThan": "10.0.26100.32690", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2025 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.26100.0", "lessThan": "10.0.26100.32690", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-20: Improper Input Validation", "lang": "en-US", "type": "CWE", "cweId": "CWE-20"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:39:09.030Z"}, "references": [{"name": "Windows Hello Security Feature Bypass Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27928"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T19:10:11.707317Z", "id": "CVE-2026-27928", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:10:18.327Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27928", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T19:10:11.707317Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:10:14.586Z"}}], "cna": {"title": "Windows Hello Security Feature Bypass Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2016", "versions": [{"status": "affected", "version": "10.0.14393.0", "lessThan": "10.0.14393.9060", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2016 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.14393.0", "lessThan": "10.0.14393.9060", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2019", "versions": [{"status": "affected", "version": "10.0.17763.0", "lessThan": "10.0.17763.8644", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.17763.0", "lessThan": "10.0.17763.8644", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "versions": [{"status": "affected", "version": "10.0.20348.0", "lessThan": "10.0.20348.5020", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.25398.0", "lessThan": "10.0.25398.2274", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2025", "versions": [{"status": "affected", "version": "10.0.26100.0", "lessThan": "10.0.26100.32690", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2025 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.26100.0", "lessThan": "10.0.26100.32690", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27928", "name": "Windows Hello Security Feature Bypass Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.17763.8644", "versionStartIncluding": "10.0.17763.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.17763.8644", "versionStartIncluding": "10.0.17763.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.20348.5020", "versionStartIncluding": "10.0.20348.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.26100.32690", "versionStartIncluding": "10.0.26100.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.25398.2274", "versionStartIncluding": "10.0.25398.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.26100.32690", "versionStartIncluding": "10.0.26100.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.14393.9060", "versionStartIncluding": "10.0.14393.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.14393.9060", "versionStartIncluding": "10.0.14393.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:39:09.030Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27928", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:39:09.030Z", "dateReserved": "2026-02-24T21:35:49.688Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:58:13.895Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "matchCriteriaId": "982DB0CA-5196-4E42-B2F7-994BE8179715", "versionEndExcluding": "10.0.14393.9060", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "647CF9B5-8898-469B-9C09-D372A7843187", "versionEndExcluding": "10.0.17763.8644", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC6837B7-5DFD-4AF7-B436-3C6FEF48BA60", "versionEndExcluding": "10.0.20348.5020", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "55A1F3AB-5299-4495-9A73-FDA23C6FD88D", "versionEndExcluding": "10.0.25398.2274", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADF41A14-B9DA-4788-82A8-74DCDCD090E1", "versionEndExcluding": "10.0.26100.32690", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network."}], "id": "CVE-2026-27928", "lastModified": "2026-04-22T17:36:40.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.8, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:17:04.170", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27928"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.14393.0,10.0.14393.9060)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2016", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2016", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.14393.0,10.0.14393.9060)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2016 (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2016_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.17763.0,10.0.17763.8644)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2019", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2019", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.17763.0,10.0.17763.8644)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2019 (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2019_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.25398.0,10.0.25398.2274)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2022", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.20348.0,10.0.20348.5020)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2022", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2022", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.25398.0,10.0.25398.2274)"}}], "enrichment": {"confidence": 82.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 82.0, "source": "matching"}]}, "original": {"product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2022,_23h2_edition_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.26100.0,10.0.26100.32690)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2025", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2025", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.26100.0,10.0.26100.32690)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2025 (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2025_(server_core_installation)", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T19:50:47.555770+00:00", "value": {"mitigation_remediation": ["Download and install the Microsoft update that addresses CVE\u20112026\u201127928 from the official Security Update Guide.", "Restart the server to apply the patch changes.", "Verify the installation by checking the update history or querying installed hotfixes.", "If the patch cannot be applied immediately, disable Windows Hello on the affected servers or enforce alternate credential methods until the update is installed.", "Keep monitoring the Microsoft advisory for any additional guidance or further patches."], "summary": {"action": "Patch", "impact": "Security Feature Bypass"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Microsoft Windows Server products from 2016 through 2025, including the standard and Server Core editions for 2016, 2019, 2022 (23H2), and 2025. Windows Hello on these server editions is the component impacted by the flaw.", "description_and_impact": "Windows Hello contains an input validation flaw that permits an attacker to send malformed data over a network, enabling a bypass of the biometric authentication process. This flaw allows unauthorized users to circumvent the standard Windows Hello security boundary, potentially gaining access without proper credential verification. The weakness aligns with the Input Validation category (CWE\u201120).", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high impact on confidentiality, integrity, and availability, with a medium-to-high Exploitability rating. The description specifies a network\u2011based attack vector; an attacker only needs network access to the target to supply the crafted input, and no elevated local privileges are required. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, but given its high severity and network delivery, the risk to exposed services is significant."}}}}, "created": "2026-04-15T14:45:03.396567+00:00", "updated": "2026-04-15T20:45:06.129753+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$windows_server_2016", "microsoft$PRODUCT$windows_server_2016_(server_core_installation)", "microsoft$PRODUCT$windows_server_2019", "microsoft$PRODUCT$windows_server_2019_(server_core_installation)", "microsoft$PRODUCT$windows_server_2022", "microsoft$PRODUCT$windows_server_2022,_23h2_edition_(server_core_installation)", "microsoft$PRODUCT$windows_server_2025", "microsoft$PRODUCT$windows_server_2025_(server_core_installation)"]}