diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index 0c4cabd89..444424eb0 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -438,6 +438,11 @@ def check_pin_trust(self, environ: WSGIEnvironment) -> bool | None:
 """
 if self.pin is None:
 return True
+
+ # If we failed too many times, then we're locked out.
+ if self._failed_pin_auth.value >= 10:
+ return False
+
 val = parse_cookie(environ).get(self.pin_cookie_name)
 if not val or "|" not in val:
 return False
@@ -487,7 +492,7 @@ def pin_auth(self, request: Request) -> Response:
 auth = True
 # If we failed too many times, then we're locked out.
- elif self._failed_pin_auth.value > 10:
+ elif self._failed_pin_auth.value >= 10:
 exhausted = True
 # Otherwise go through pin based authentication
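Review bot: The lockout threshold `10` is now a bare literal in two places, the new guard in `check_pin_trust` and the `elif` in `pin_auth`, and the `>` to `>=` correction in the second hunk shows how easily the two comparisons can drift apart. A single class attribute such as `_max_failed_pin_auth = 10`, compared as `self._failed_pin_auth.value >= self._max_failed_pin_auth` in both methods, would keep them in step. The new early return also means a previously trusted cookie stops being honoured once the counter reaches the limit; that is the safer behaviour, but the comment should say so, e.g. `# Locked out: reject even a valid trust cookie.` Both function bodies start and end outside their hunks, so whether the counter is ever reset cannot be seen here. If the `check_pin_trust` docstring lists the return values, it should note that `False` now also covers the locked-out state.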