{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27913", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-24T21:35:49.686Z", "datePublished": "2026-04-14T16:58:08.294Z", "dateUpdated": "2026-04-17T16:13:00.347Z"}, "containers": {"cna": {"title": "Windows BitLocker Security Feature Bypass Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.8644"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.25398.0", "versionEndExcluding": "10.0.25398.2274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.14393.0", "versionEndExcluding": "10.0.14393.9060"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.14393.0", "versionEndExcluding": "10.0.14393.9060"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.8644"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.20348.0", "versionEndExcluding": "10.0.20348.5020"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.2.9200.0", "versionEndExcluding": "6.2.9200.26026"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.2.9200.0", "versionEndExcluding": "6.2.9200.26026"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.3.9600.0", "versionEndExcluding": "6.3.9600.23132"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.3.9600.0", "versionEndExcluding": "6.3.9600.23132"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2012", "platforms": ["x64-based Systems"], "versions": [{"version": "6.2.9200.0", "lessThan": "6.2.9200.26026", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "6.2.9200.0", "lessThan": "6.2.9200.26026", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2", "platforms": ["x64-based Systems"], "versions": [{"version": "6.3.9600.0", "lessThan": "6.3.9600.23132", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "6.3.9600.0", "lessThan": "6.3.9600.23132", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.14393.0", "lessThan": "10.0.14393.9060", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.14393.0", "lessThan": "10.0.14393.9060", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.8644", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.8644", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.20348.0", "lessThan": "10.0.20348.5020", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.25398.0", "lessThan": "10.0.25398.2274", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-20: Improper Input Validation", "lang": "en-US", "type": "CWE", "cweId": "CWE-20"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-17T16:13:00.347Z"}, "references": [{"name": "Windows BitLocker Security Feature Bypass Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27913"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27913", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:57:23.079729Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:13:14.870Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27913", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:57:23.079729Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:08:27.122Z"}}], "cna": {"title": "Windows BitLocker Security Feature Bypass Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2012", "versions": [{"status": "affected", "version": "6.2.9200.0", "lessThan": "6.2.9200.26026", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012 (Server Core installation)", "versions": [{"status": "affected", "version": "6.2.9200.0", "lessThan": "6.2.9200.26026", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2", "versions": [{"status": "affected", "version": "6.3.9600.0", "lessThan": "6.3.9600.23132", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2 (Server Core installation)", "versions": [{"status": "affected", "version": "6.3.9600.0", "lessThan": "6.3.9600.23132", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2016", "versions": [{"status": "affected", "version": "10.0.14393.0", "lessThan": "10.0.14393.9060", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2016 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.14393.0", "lessThan": "10.0.14393.9060", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2019", "versions": [{"status": "affected", "version": "10.0.17763.0", "lessThan": "10.0.17763.8644", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.17763.0", "lessThan": "10.0.17763.8644", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "versions": [{"status": "affected", "version": "10.0.20348.0", "lessThan": "10.0.20348.5020", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.25398.0", "lessThan": "10.0.25398.2274", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27913", "name": "Windows BitLocker Security Feature Bypass Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.17763.8644", "versionStartIncluding": "10.0.17763.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.25398.2274", "versionStartIncluding": "10.0.25398.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.14393.9060", "versionStartIncluding": "10.0.14393.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.14393.9060", "versionStartIncluding": "10.0.14393.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.17763.8644", "versionStartIncluding": "10.0.17763.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.20348.5020", "versionStartIncluding": "10.0.20348.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.2.9200.26026", "versionStartIncluding": "6.2.9200.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.2.9200.26026", "versionStartIncluding": "6.2.9200.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.3.9600.23132", "versionStartIncluding": "6.3.9600.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.3.9600.23132", "versionStartIncluding": "6.3.9600.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-17T16:13:00.347Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27913", "state": "PUBLISHED", "dateUpdated": "2026-04-17T16:13:00.347Z", "dateReserved": "2026-02-24T21:35:49.686Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:58:08.294Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally."}], "id": "CVE-2026-27913", "lastModified": "2026-04-17T15:10:35.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:16:58.860", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27913"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[6.2.9200.0,6.2.9200.26026)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2012", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2012", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[6.2.9200.0,6.2.9200.26026)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2012 (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2012_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[6.3.9600.0,6.3.9600.23132)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2012 R2", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2012_r2", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[6.3.9600.0,6.3.9600.23132)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2012 R2 (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2012_r2_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.14393.0,10.0.14393.9060)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2016", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2016", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.14393.0,10.0.14393.9060)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2016 (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2016_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.17763.0,10.0.17763.8644)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2019", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2019", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.17763.0,10.0.17763.8644)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2019 (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2019_(server_core_installation)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.20348.0,10.0.20348.5020)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2022", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2022", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[10.0.25398.0,10.0.25398.2274)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "source": "cna", "vendor": "Microsoft"}, "product": "windows_server_2022,_23h2_edition_(server_core_installation)", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T19:51:24.654319+00:00", "value": {"mitigation_remediation": ["Apply the latest Windows Server security update for CVE-2026-27913 from Microsoft as listed in the Microsoft Security Update Guide", "Verify that the patch has been successfully installed by checking the system\u2019s update history"], "summary": {"action": "Patch Immediately", "impact": "Local security feature bypass in Windows BitLocker"}, "threat_synthesis": {"affected_systems": "Microsoft Windows Server versions 2012, 2012\u202fR2, 2016, 2019, 2022, and the 23H2 edition, including all Server Core installations, are affected as indicated in the advisory.", "description_and_impact": "Improper input validation in Windows BitLocker allows a local attacker to bypass a critical security feature. The flaw can enable manipulation or negation of the encryption safeguards protecting volumes, potentially exposing the data stored on those disks and compromising confidentiality. The weakness, classified as CWE\u201120, signifies unsafe handling of input that leads to failure in enforcing protective controls.", "risk_and_exploitability": "The CVSS base score of 7.7 reflects a moderate\u2011to\u2011high severity. Exploitation requires local presence, meaning the attacker must have user or administrative access on the affected machine to supply the malformed input. No evidence of exploitation exists in the KEV catalog and EPSS data is unavailable, suggesting limited known usage but a potentially significant impact if abused. The local attack vector and necessity for local authority imply that internal threat actors or compromised accounts pose the primary risk."}}}}, "created": "2026-04-15T14:31:56.918264+00:00", "updated": "2026-04-15T14:45:03.398287+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$windows_server_2012", "microsoft$PRODUCT$windows_server_2012_(server_core_installation)", "microsoft$PRODUCT$windows_server_2012_r2", "microsoft$PRODUCT$windows_server_2012_r2_(server_core_installation)", "microsoft$PRODUCT$windows_server_2016", "microsoft$PRODUCT$windows_server_2016_(server_core_installation)", "microsoft$PRODUCT$windows_server_2019", "microsoft$PRODUCT$windows_server_2019_(server_core_installation)", "microsoft$PRODUCT$windows_server_2022", "microsoft$PRODUCT$windows_server_2022,_23h2_edition_(server_core_installation)"]}