Severity by source
Sources disagree (Medium–Critical)AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
AnalysisAI
Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive encryption protection mechanism. Affected systems can have BitLocker-protected data accessed despite the encryption-at-rest control being enabled, undermining a core platform confidentiality boundary. There is no public exploit identified at time of analysis, but the vulnerability is reported by Microsoft (secure@microsoft.com) as a protection mechanism failure with high impact across confidentiality, integrity, and availability.
Technical ContextAI
BitLocker is Microsoft's full-volume encryption feature that protects data at rest on Windows systems, typically leveraging a Trusted Platform Module (TPM) to seal the volume master key and release it only when the boot environment is in a known-good state. The CWE-284 (Improper Access Control) classification indicates that an access control or protection mechanism within BitLocker - likely the pre-boot authentication, TPM unsealing flow, or recovery key handling - fails to correctly enforce its security boundary. Because BitLocker relies on the integrity of the boot chain and hardware-rooted secrets, a failure in any link of that chain (e.g., DMA exposure, unsealing logic, or recovery path validation) can allow decrypted access to volumes that should remain sealed.
RemediationAI
Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658 as soon as patch details are published; patch available per vendor advisory, but exact fix version is not enumerated in the provided data and must be retrieved from the MSRC page for the affected Windows build. Until the update is deployed, defenders should enable BitLocker pre-boot authentication with a PIN or USB startup key (TPM+PIN) so that a stolen device cannot be unsealed by physical access alone - note this changes the user logon experience and complicates remote/unattended reboots. Additionally, ensure Secure Boot is enabled, disable unnecessary DMA-capable external ports (Thunderbolt/FireWire) via Group Policy or firmware, enable Kernel DMA Protection on supported hardware, and physically secure or remove drives from end-of-life and lost devices; the trade-off of disabling DMA ports is reduced peripheral functionality for users who rely on docking stations and external GPUs.
More in Windows 10 1607
View allWindows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker
Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users
Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the
Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne
Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation
Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph
Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables
Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se
Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attack
Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a nu
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35572
GHSA-586f-rf9v-97r7