CVE-2026-50507

Published Jun 9, 2026

Last updated 3 days ago

CVSS medium 6.8

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-50507 is a security feature bypass vulnerability found in Windows BitLocker. This flaw allows an unauthorized attacker to circumvent BitLocker's protection mechanisms through a physical attack on the system. The vulnerability enables access to encrypted data, effectively undermining the intended security provided by BitLocker. This issue was publicly disclosed before a patch was made available and is associated with a broader set of disclosures concerning potential bypasses affecting Windows recovery and encryption protections, sometimes referred to as "YellowKey" or "bitskrieg."

Description
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
6.8
Impact score
5.9
Exploitability score
0.9
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-306

Social media

Hype score
Not currently trending

  1. Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) https://t.co/neWCvEN5xs https://t.co/QsZTwrH4Ri

    @TechMash365

    13 Jun 2026

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) https://t.co/KAPOi3wFOQ https://t.co/4JIN3hhotI

    @TechMash365

    12 Jun 2026

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) https://t.co/cJj0ldVXQV https://t.co/nRU5mY6Wgz

    @secured_cyber

    12 Jun 2026

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Windowsを使っている方、今月のパッチは急いでほしい。ゼロデイ3件を含む200個の脆弱性が一度に修正された。↓ ・CVE-2026-50507:BitLockerのセキュリティ機能をバイパス可能 ・CVE-2026-45586:Collaborative Translation Frame

    @hasamayo1217

    11 Jun 2026

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Microsoft、2026年6月定例パッチで史上最多206件の脆弱性を修正-3件のゼロデイや危険な脆弱性含む(CVE-2026-50507,CVE-2026-45586,CVE-2026-47291,CVE-2026-49160) https://t.co/CpGVUObyFk #セキュリティ対策Lab #security #securitynews

    @securityLab_jp

    11 Jun 2026

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) https://t.co/VQhHQS97ni https://t.co/BDfQM9FjuD

    @pcasano

    10 Jun 2026

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) https://t.co/PjVt6R1Rth https://t.co/j1CNDgwNsZ

    @IT_Peurico

    10 Jun 2026

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) https://t.co/BC6vg2Nnza https://t.co/IpTcDIfuvU

    @ggrubamn

    10 Jun 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) https://t.co/yFcY4xI8ol https://t.co/Yk0zKMNYd6

    @Art_Capella

    10 Jun 2026

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 【2026年6月 Patch Tuesday 要注意CVE】 🔴 CVE-2026-45657 CVSS9.8:Windowsカーネル未認証RCE(ワーム化可能) 🟠 CVE-2026-45586:入力メソッドCTFMONの権限昇格(公開済みゼロデイ) 🟡 CVE-2026-49160 CVSS7.5:HTTP/2 Bomb(DoS) 🟡

    @holy519

    10 Jun 2026

    165 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 5月に紹介したBitLockerバイパスのゼロデイ「YellowKey」に続き、新たなBitLockerバイパス脆弱性CVE-2026-50507が、6月の月例セキュリティ更新で修正されました。物理アクセスを持つ未認証の攻撃者が、本来必要な認証

    @MalwareBibleJP

    10 Jun 2026

    1704 Impressions

    6 Retweets

    29 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  12. Microsoftは6月のPatch Tuesdayで、BitLockerのセキュリティ機能を回避できる脆弱性CVE-2026-50507を公表した。物理的にデバイスへアクセスできる攻撃者がBitLocker Device

    @yousukezan

    10 Jun 2026

    1675 Impressions

    5 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 𝗛𝗼𝗿𝗶𝘇𝗼𝗻 𝗔𝗹𝗲𝗿𝘁 – 𝗝𝘂𝗻𝗲 𝟮𝟬𝟮𝟲 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 After just one month without zero-days, we’re back to 𝟯 𝗻𝗲𝘄 𝘇𝗲𝗿𝗼-𝗱𝗮𝘆𝘀 and multiple nasty 9+ vuln

    @horizon_secured

    9 Jun 2026

    1557 Impressions

    1 Retweet

    16 Likes

    5 Bookmarks

    2 Replies

    0 Quotes

Configurations

Related CVEs

  1. Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.CVE-2026-49160
  2. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.CVE-2026-48583
  3. Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.CVE-2026-48578
  4. Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.CVE-2026-48576
  5. Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.CVE-2026-48575

References

Sources include official advisories and independent security research.