CVE-2026-27928

Q: Is Windows Server 2016 affected by CVE-2026-27928?

CVE-2026-27928 is a high-severity Windows Hello authentication bypass affecting Server 2016-2025 that allows unauthenticated remote attackers to circumvent biometric and PIN protections, potentially enabling lateral movement within the Windows security environment.

EUVD-2026-22481 HIGH

2026-04-14 microsoft

GHSA-6qx2-q8q2-jv3c

Authentication Bypass Microsoft Windows Server 2016 Windows Server 2016 Server Core Installation Windows Server 2019 Windows Server 2019 Server Core Installation Windows Server 2022 Windows Server 2022 23H2 Edition Server Core Installation Windows Server 2025 Windows Server 2025 Server Core Installation

8.7

CVSS 3.1

Temporal: 7.6

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Apr 14, 2026 - 19:30 vuln.today

DescriptionNVD

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

AnalysisAI

Windows Hello authentication bypass on Server 2016-2025 allows unauthenticated remote attackers to circumvent biometric/PIN security mechanisms over a network despite high attack complexity. CVSS 8.7 (Critical) with scope change indicates potential lateral movement from compromised Hello authentication into broader Windows security context. …

RemediationAI

Within 24 hours: Identify all Windows Server 2016, 2019, 2022, and 2025 instances in your environment and document current build versions. Within 7 days: Apply vendor-released patches to all affected systems-build 10.0.14393.9060 (Server 2016), 10.0.17763.8644 (Server 2019), 10.0.20348.5020 (Server 2022), 10.0.25398.2274 (Server 2022 23H2), and 10.0.26100.32690 (Server 2025). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-27928 vulnerability details – vuln.today

Back

CVE-2026-27928

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code