Apr 2026: Windows Biometric Service Security Feature Bypass Vulnerability
CVE-2026-32088 Published on April 14, 2026
Windows Biometric Service Security Feature Bypass Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.
Weakness Type
What is a Race Condition Vulnerability?
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CVE-2026-32088 has been classified to as a Race Condition vulnerability or weakness.
Products Associated with CVE-2026-32088
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft Windows 10 Version 1809:- Version 10.0.17763.0 and below 10.0.17763.8644 is affected.
- Version 10.0.19044.0 and below 10.0.19044.7184 is affected.
- Version 10.0.19045.0 and below 10.0.19045.7184 is affected.
- Version 10.0.22631.0 and below 10.0.22631.6936 is affected.
- Version 10.0.22631.0 and below 10.0.22631.6936 is affected.
- Version 10.0.26100.0 and below 10.0.26100.32690 is affected.
- Version 10.0.26200.0 and below 10.0.26200.8246 is affected.
- Version 10.0.28000.0 and below 10.0.28000.1836 is affected.
- Version 10.0.17763.0 and below 10.0.17763.8644 is affected.
- Version 10.0.17763.0 and below 10.0.17763.8644 is affected.
- Version 10.0.20348.0 and below 10.0.20348.5020 is affected.
- Version 10.0.25398.0 and below 10.0.25398.2274 is affected.
- Version 10.0.26100.0 and below 10.0.26100.32690 is affected.
- Version 10.0.26100.0 and below 10.0.26100.32690 is affected.