CVE-2026-45585

MEDIUM

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.

CVSS v3.1 Score

6.8
MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 5/20/2026Modified: 5/20/2026

Related Intelligence (1)

CRITICALZero Day

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. "Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as 'YellowKey,'" the

CVE-2026-45585
The Hacker News

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585Vendor AdvisoryMitigationhttps://github.com/Nightmare-Eclipse/YellowKeyExploitThird Party Advisory