Skip to main content

Windows BitLocker CVE-2026-50507

| EUVDEUVD-2026-35589 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-06-09 secure@microsoft.com GHSA-h7w3-v34v-748v
Medium
Disputed · 6.8 Vendor: microsoft
Temporal: 6.1
Share

Severity by source

Sources disagree (Medium–Critical)
Vendor (microsoft) PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
CRITICAL
qualitative
CIRCL (temporal)
6.1 MEDIUM
cvss

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 19:02 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
MEDIUM 6.8

DescriptionCVE.org

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

AnalysisAI

BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting a physically present attacker to bypass full-disk encryption without credentials, a recovery key, or elevated privileges. Despite a CVSS score of 6.8 (Medium) - moderated by the physical access requirement - the impact ratings are High across confidentiality, integrity, and availability, meaning successful exploitation grants complete access to encrypted data and the underlying system. No public exploit has been identified at time of analysis, and Microsoft has released a patch via the MSRC update guide.

Technical ContextAI

Windows BitLocker is Microsoft's built-in full-volume encryption technology, designed to protect data at rest on Windows devices by encrypting the entire drive and requiring authentication (TPM, PIN, recovery key, or combination) to unlock it at boot. CWE-306 (Missing Authentication for Critical Function) identifies the root cause class: a critical security gate - specifically the protection mechanism enforcing BitLocker's access controls - is missing or bypassable, allowing an unauthorized actor to circumvent encryption without supplying the required authentication factor. This CWE commonly manifests in BitLocker contexts as inadequate enforcement of pre-boot PIN requirements, exploitable TPM-only unlock paths, or boot-sequence verification steps that can be skipped through physical manipulation (e.g., cold-boot attacks, DMA attacks, or firmware-level bypasses). The CVSS vector AV:P confirms that exploitation requires direct physical presence at the device.

RemediationAI

Microsoft has released a patch addressing CVE-2026-50507; the exact patched Windows version is not independently confirmed from the available data beyond 'patch available from vendor,' so administrators should consult the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507 for the specific KB article and affected build numbers, then apply the relevant cumulative or security update through Windows Update, WSUS, or SCCM. As compensating controls prior to patching or for defense-in-depth, organizations should enforce BitLocker with a pre-boot PIN or startup key in addition to TPM (rather than TPM-only mode), as this raises the bar for physical attackers - note this adds user friction at every boot cycle. Disabling USB and external boot options in BIOS/UEFI firmware and setting a BIOS/UEFI password prevents attackers from booting alternative OS environments to bypass BitLocker. For high-value or high-mobility devices, enabling Microsoft Entra ID or on-premises remote wipe capabilities ensures data can be rendered inaccessible if a device is confirmed stolen. Physical security controls such as device tracking and cable locks provide additional deterrence against the physical access prerequisite.

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-21293 HIGH POC
8.8 Jan 14

Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users

CVE-2025-30397 HIGH POC
7.5 May 13

Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the

CVE-2025-32706 HIGH POC
7.8 May 13

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne

CVE-2025-21418 HIGH
7.8 Feb 11

Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation

CVE-2026-21510 HIGH POC
8.8 Feb 10

Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta

CVE-2025-47827 MEDIUM POC
4.6 Jun 05

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph

CVE-2026-21519 HIGH
7.8 Feb 10

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables

CVE-2025-32701 HIGH
7.8 May 13

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se

CVE-2025-21391 HIGH
7.1 Feb 11

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attack

CVE-2025-32709 HIGH
7.8 May 13

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a nu

Share

CVE-2026-50507 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy