CVE Tools

CVE-2026-50661

Windows BitLocker Security Feature Bypass Vulnerability

Published: Jul 14, 2026Updated: Jul 14, 2026 Sources: CVE List NVDCWE-693

Description

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

In plain language

AI Act now

This Windows BitLocker bug can let someone with physical access get around disk encryption without needing a password or clicks—if your device can be reached by an attacker, this is a real risk and you should update.

Executive summary

CVE-2026-50661 is a security-feature bypass in Windows BitLocker that can be triggered via a physical attack (local/physical access) without authentication or user interaction, allowing bypass of BitLocker protections.

If affected, business impact
Unencrypted access to stored dataConfidential data theft riskLegal and compliance exposureDevice/operations disruption

What to do now

  1. Check which of these you run: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, or Windows Server 2025.
  2. Identify your exact Windows build/version number (Settings → System → About on Windows 10/11; or run winver).
  3. Update immediately to the fixed versions for your branch: Windows 10 fixed in 10.0.14393.9339, 10.0.17763.9020, 10.0.19044.7548, or 10.0.19045.7548; Windows 11 fixed in 10.0.26100.8875, 10.0.26200.8875, or 10.0.28000.2525; Windows Server 2016 fixed in 10.0.14393.9339; Windows Server 2019 fixed in 10.0.17763.9020; Windows Server 2022 fixed in 10.0.20348.5386; Windows Server 2025 fixed in 10.0.26100.33158.
  4. If you cannot update right away, lock down physical access to devices (especially unattended laptops/servers) and ensure they are stored in controlled areas with no uncontrolled hands-on access.
Patch / advisory Usually a quick update

CVSS Vector Breakdown

AV:PAC:LPR:NUI:NS:UC:HI:HA:N
Exploitability
AV:PAttack Vector
Physical
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:NAvailability
None

Weaknesses

Affected Products

and 8 more affected products View all →

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

References

10

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-50661 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows