🔐 CVE Alert

CVE-2026-45585

MEDIUM 6.8

Windows BitLocker Security Feature Bypass Vulnerability

CVSS Score
6.8
EPSS Score
0.0%
EPSS Percentile
0th

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable.

Vendor microsoft
Product windows 11 version 24h2
Ecosystems
Industries
TechnologyEnterprise
Published May 19, 2026
Last Updated Jun 19, 2026
Stay Ahead of the Next One

Get instant alerts for microsoft windows 11 version 24h2

Be the first to know when new medium vulnerabilities affecting microsoft windows 11 version 24h2 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Microsoft / Windows 11 Version 24H2
10.0.26100.0 < 10.0.26100.8655
Microsoft / Windows 11 Version 25H2
10.0.26200.0 < 10.0.26200.8655
Microsoft / Windows 11 version 26H1
10.0.28000.0 < 10.0.28000.2269
Microsoft / Windows Server 2025
10.0.26100.0 < 10.0.26100.32995
Microsoft / Windows Server 2025 (Server Core installation)
10.0.26100.0 < 10.0.26100.32995

References

NVD ↗ CVE.org ↗ EPSS Data ↗
msrc.microsoft.com: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 github.com: https://github.com/Nightmare-Eclipse/YellowKey