Cyber Resilience

CVE-2026-27913

High

Published: 14 April 2026

Published
14 April 2026
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0012 30.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-27913 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 30.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-27913 is an improper input validation vulnerability (CWE-20) affecting Windows BitLocker. Published on 2026-04-14, it enables an unauthorized attacker to bypass a security feature locally on impacted systems. The vulnerability carries a CVSS v3.1 base score of 7.7 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to its potential for significant confidentiality and integrity impacts.

A local attacker can exploit this issue with low attack complexity, requiring no privileges, user interaction, or special conditions. Exploitation allows bypassing BitLocker's security protections, potentially granting unauthorized access to encrypted data or altering protected resources without affecting availability.

Microsoft's update guide provides details on mitigation, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27913. Security practitioners should consult this advisory for patching instructions and workarounds.

EU & UK References

Vulnerability details

Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Bypassing BitLocker via local input validation flaw directly enables reading encrypted local files/data (T1005) and modifying protected on-disk resources (T1565.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26154Same product: Microsoft Windows Server 2012
CVE-2026-33826Same product: Microsoft Windows Server 2012
CVE-2026-27928Same product: Microsoft Windows Server 2016
CVE-2026-20856Same product: Microsoft Windows Server 2012
CVE-2025-59287Same product: Microsoft Windows Server 2012
CVE-2026-27912Same product: Microsoft Windows Server 2012
CVE-2025-54106Same product: Microsoft Windows Server 2012
CVE-2025-49688Same product: Microsoft Windows Server 2012
CVE-2026-41095Same product: Microsoft Windows Server 2012
CVE-2025-21309Same product: Microsoft Windows Server 2012

Affected Assets

microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.9060
microsoft
windows server 2019
≤ 10.0.17763.8644
microsoft
windows server 2022
≤ 10.0.20348.5020
microsoft
windows server 2022 23h2
≤ 10.0.25398.2274

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper input validation (CWE-20) flaw in Windows BitLocker that enables local bypass of security features.

prevent

Ensures timely patching and remediation of the BitLocker vulnerability as detailed in Microsoft's update guide, eliminating the exploit path.

detect

Vulnerability scanning identifies systems affected by CVE-2026-27913 for prioritized patching and mitigation.

References