This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.