Windows BitLocker security feature bypass
Publicly disclosed BitLocker Device Encryption bypass fixed in Microsoft's July 2026 Patch Tuesday. Requires physical access; no confirmed exploitation as of publication.
- Vendor
- Microsoft
- Product
- Windows (BitLocker Device Encryption) — see MSRC advisory for affected builds
- CVSS
- 6.1
- EPSS (exploit probability)
- N/A
- Status
- patched
- Published
CVE-2026-50661 is a security feature bypass in Windows BitLocker. Per Microsoft’s advisory, a successful attacker can bypass BitLocker Device Encryption on the system storage device. NVD scores it 6.1 (medium). Microsoft rates it Important.
Microsoft disclosed the flaw in the July 2026 Patch Tuesday release on 2026-07-14. The vulnerability was publicly disclosed prior to patch availability but has not been confirmed as exploited in the wild at time of publication. Exploitation requires physical access to the target device.
Practical impact is highest for organisations that handle lost/stolen laptop recovery or that ship devices through third-party logistics chains where physical access is difficult to guarantee. Standard Patch Tuesday rollout channels are sufficient for most fleets.
See the write-up: Microsoft July Patch Tuesday: 570 CVEs, 3 zero-days out.
