{"api_version":"1","generated_at":"2026-05-30T23:21:25+00:00","cve":"CVE-2026-45585","urls":{"html":"https://cve.report/CVE-2026-45585","api":"https://cve.report/api/cve/CVE-2026-45585.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-45585","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-45585"},"summary":{"title":"Windows BitLocker Security Feature Bypass Vulnerability","description":"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.\nMitigation FAQs\nShould I leverage the temporary mitigation?\nMicrosoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel.\nWhat impact to service availability/management could be caused by implementing the mitigations?\nImplementing these mitigations will not impact service availability or management operations.\nDo customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?\nNo. The security update will maintain the mitigation's behavior once the security update is installed.\nI am using TPM+PIN, am I at risk of this vulnerability being exploited\nNo, if you are using TPM+PIN the vulnerability is not exploitable.","state":"PUBLISHED","assigner":"microsoft","published_at":"2026-05-20 00:16:44","updated_at":"2026-05-20 16:42:42"},"problem_types":["CWE-77","CWE-77 CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"metrics":[{"version":"3.1","source":"secure@microsoft.com","type":"Secondary","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C","data":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C","version":"3.1"}}],"references":[{"url":"https://github.com/Nightmare-Eclipse/YellowKey","name":"https://github.com/Nightmare-Eclipse/YellowKey","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585","name":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585","refsource":"secure@microsoft.com","tags":["Vendor Advisory","Mitigation"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-45585","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45585","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Microsoft","product":"Windows 11 Version 24H2","version":"affected -","platforms":["x64-based Systems"]},{"source":"CNA","vendor":"Microsoft","product":"Windows 11 Version 25H2","version":"affected -","platforms":["x64-based Systems"]},{"source":"CNA","vendor":"Microsoft","product":"Windows 11 version 26H1","version":"affected -","platforms":["x64-based Systems"]},{"source":"CNA","vendor":"Microsoft","product":"Windows Server 2025","version":"affected -","platforms":["x64-based Systems"]},{"source":"CNA","vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","version":"affected -","platforms":["x64-based Systems"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"45585","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_11_24h2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2026","cve_id":"45585","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_11_25h2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2026","cve_id":"45585","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_11_26h1","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2026","cve_id":"45585","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2025","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"45585","cve":"CVE-2026-45585","epss":"0.001130000","percentile":"0.295970000","score_date":"2026-05-28","updated_at":"2026-05-29 00:13:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-45585","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-20T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-21T03:55:18.708Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://github.com/Nightmare-Eclipse/YellowKey"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"platforms":["x64-based Systems"],"product":"Windows 11 Version 24H2","vendor":"Microsoft","versions":[{"status":"affected","version":"-"}]},{"platforms":["x64-based Systems"],"product":"Windows 11 Version 25H2","vendor":"Microsoft","versions":[{"status":"affected","version":"-"}]},{"platforms":["x64-based Systems"],"product":"Windows 11 version 26H1","vendor":"Microsoft","versions":[{"status":"affected","version":"-"}]},{"platforms":["x64-based Systems"],"product":"Windows Server 2025","vendor":"Microsoft","versions":[{"status":"affected","version":"-"}]},{"platforms":["x64-based Systems"],"product":"Windows Server 2025 (Server Core installation)","vendor":"Microsoft","versions":[{"status":"affected","version":"-"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionStartIncluding":"-","vulnerable":true},{"criteria":"cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:x64:*","versionStartIncluding":"-","vulnerable":true},{"criteria":"cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:x64:*","versionStartIncluding":"-","vulnerable":true},{"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionStartIncluding":"-","vulnerable":true},{"criteria":"cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*","versionStartIncluding":"-","vulnerable":true}],"negate":false,"operator":"OR"}]}],"datePublic":"2026-05-19T14:00:00.000Z","descriptions":[{"lang":"en-US","value":"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.\nMitigation FAQs\nShould I leverage the temporary mitigation?\nMicrosoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel.\nWhat impact to service availability/management could be caused by implementing the mitigations?\nImplementing these mitigations will not impact service availability or management operations.\nDo customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?\nNo. The security update will maintain the mitigation's behavior once the security update is installed.\nI am using TPM+PIN, am I at risk of this vulnerability being exploited\nNo, if you are using TPM+PIN the vulnerability is not exploitable."}],"metrics":[{"cvssV3_1":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en-US","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-77","description":"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","lang":"en-US","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-22T22:04:00.598Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"Windows BitLocker Security Feature Bypass Vulnerability","tags":["vendor-advisory","patch"],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"}],"title":"Windows BitLocker Security Feature Bypass Vulnerability"}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2026-45585","datePublished":"2026-05-19T23:30:26.247Z","dateReserved":"2026-05-12T19:55:45.729Z","dateUpdated":"2026-05-22T22:04:00.598Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-20 00:16:44","lastModifiedDate":"2026-05-20 16:42:42","problem_types":["CWE-77","CWE-77 CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","matchCriteriaId":"1799DC19-34BA-42B4-A6DC-02774202DE22"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","matchCriteriaId":"AAAB3FDE-4FF2-47DE-9BDA-25B2855054E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","matchCriteriaId":"DA9F6F61-46D3-4ECD-8B5D-1484222B7364"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","matchCriteriaId":"9B12238F-DF99-4247-B645-259C3FD98F61"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"45585","Ordinal":"1","Title":"Windows BitLocker Security Feature Bypass Vulnerability","CVE":"CVE-2026-45585","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"45585","Ordinal":"1","NoteData":"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.","Type":"Description","Title":"Windows BitLocker Security Feature Bypass Vulnerability"}]}}}