Skip to main content

Windows BitLocker CVE-2026-45658

| EUVDEUVD-2026-35572 MEDIUM
Improper Access Control (CWE-284)
2026-06-09 secure@microsoft.com GHSA-586f-rf9v-97r7
Medium
Disputed · 6.8 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
CRITICAL
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Severity Changed
Jul 09, 2026 - 00:22 NVD
HIGH MEDIUM
CVSS changed
Jul 09, 2026 - 00:22 NVD
7.8 (HIGH) 6.8 (MEDIUM)
Analysis Generated
Jun 09, 2026 - 17:59 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

AnalysisAI

Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive encryption protection mechanism. Affected systems can have BitLocker-protected data accessed despite the encryption-at-rest control being enabled, undermining a core platform confidentiality boundary. There is no public exploit identified at time of analysis, but the vulnerability is reported by Microsoft (secure@microsoft.com) as a protection mechanism failure with high impact across confidentiality, integrity, and availability.

Technical ContextAI

BitLocker is Microsoft's full-volume encryption feature that protects data at rest on Windows systems, typically leveraging a Trusted Platform Module (TPM) to seal the volume master key and release it only when the boot environment is in a known-good state. The CWE-284 (Improper Access Control) classification indicates that an access control or protection mechanism within BitLocker - likely the pre-boot authentication, TPM unsealing flow, or recovery key handling - fails to correctly enforce its security boundary. Because BitLocker relies on the integrity of the boot chain and hardware-rooted secrets, a failure in any link of that chain (e.g., DMA exposure, unsealing logic, or recovery path validation) can allow decrypted access to volumes that should remain sealed.

RemediationAI

Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658 as soon as patch details are published; patch available per vendor advisory, but exact fix version is not enumerated in the provided data and must be retrieved from the MSRC page for the affected Windows build. Until the update is deployed, defenders should enable BitLocker pre-boot authentication with a PIN or USB startup key (TPM+PIN) so that a stolen device cannot be unsealed by physical access alone - note this changes the user logon experience and complicates remote/unattended reboots. Additionally, ensure Secure Boot is enabled, disable unnecessary DMA-capable external ports (Thunderbolt/FireWire) via Group Policy or firmware, enable Kernel DMA Protection on supported hardware, and physically secure or remove drives from end-of-life and lost devices; the trade-off of disabling DMA ports is reduced peripheral functionality for users who rely on docking stations and external GPUs.

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-21293 HIGH POC
8.8 Jan 14

Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users

CVE-2025-30397 HIGH POC
7.5 May 13

Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the

CVE-2025-32706 HIGH POC
7.8 May 13

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne

CVE-2025-21418 HIGH
7.8 Feb 11

Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation

CVE-2026-21510 HIGH POC
8.8 Feb 10

Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta

CVE-2025-47827 MEDIUM POC
4.6 Jun 05

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph

CVE-2026-21519 HIGH
7.8 Feb 10

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables

CVE-2025-32701 HIGH
7.8 May 13

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se

CVE-2025-21391 HIGH
7.1 Feb 11

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attack

CVE-2025-32709 HIGH
7.8 May 13

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a nu

Share

CVE-2026-45658 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy