Apr 2026: Windows Hello Security Feature Bypass Vulnerability
CVE-2026-27928 Published on April 14, 2026

Windows Hello Security Feature Bypass Vulnerability
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

Vendor Advisory NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2026-27928

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Windows Server 2019

Microsoft Windows Server 2022

Microsoft Windows Server 2025

Microsoft Windows Server 23h2

Microsoft Windows Server 2016

Affected Versions

Microsoft Windows Server 2016:

Version 10.0.14393.0 and below 10.0.14393.9060 is affected.

Microsoft Windows Server 2016 (Server Core installation):

Version 10.0.14393.0 and below 10.0.14393.9060 is affected.

Microsoft Windows Server 2019:

Version 10.0.17763.0 and below 10.0.17763.8644 is affected.

Microsoft Windows Server 2019 (Server Core installation):

Version 10.0.17763.0 and below 10.0.17763.8644 is affected.

Microsoft Windows Server 2022:

Version 10.0.20348.0 and below 10.0.20348.5020 is affected.

Microsoft Windows Server 2022, 23H2 Edition (Server Core installation):

Version 10.0.25398.0 and below 10.0.25398.2274 is affected.

Microsoft Windows Server 2025:

Version 10.0.26100.0 and below 10.0.26100.32690 is affected.

Microsoft Windows Server 2025 (Server Core installation):

Version 10.0.26100.0 and below 10.0.26100.32690 is affected.

Apr 2026: Windows Hello Security Feature Bypass VulnerabilityCVE-2026-27928 Published on April 14, 2026

Weakness Type

Improper Input Validation

Products Associated with CVE-2026-27928

Affected Versions

Apr 2026: Windows Hello Security Feature Bypass Vulnerability
CVE-2026-27928 Published on April 14, 2026