CVE-2026-45585
Windows BitLocker Security Feature Bypass Vulnerability
Description
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.

Mitigation FAQs

Should I leverage the temporary mitigation?
Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel.

What impact to service availability/management could be caused by implementing the mitigations?
Implementing these mitigations will not impact service availability or management operations.

Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?
No. The security update will maintain the mitigation's behavior once the security update is installed.

I am using TPM+PIN, am I at risk of this vulnerability being exploited?
No, if you are using TPM+PIN the vulnerability is not exploitable.
INFO
Published Date: May 20, 2026, 12:16 a.m.
Last Modified: May 22, 2026, 11:16 p.m.
Remotely Exploit: No
Source: [email protected]
Affected Products
The following products are affected by CVE-2026-45585 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 3.1 | MEDIUM | | | | f38d906d-7342-40ea-92c1-6c4a2c6478c8 |
| | CVSS 3.1 | MEDIUM | | | | [email protected] |
Public PoC/Exploit Available at Github
CVE-2026-45585 has 31 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-45585.
| URL | Resource |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 | Mitigation Vendor Advisory |
| https://github.com/Nightmare-Eclipse/YellowKey | Exploit Third Party Advisory |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-45585 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-45585 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by the most recently updated).
yellowkey bitlocker github cve download recovery key cve-2026-45585 nightmare-eclipse bypass tpm sniffing decryption tool setup guide tutorial windows 11 windows 10 error fix latest version 2026
bitlocker bitlocker-bypass bitlocker-drive-encryption bitlocker-drive-lock bitlocker-drive-management bitlocker-lock bitlocker-yellowkey cve-2026-45585 decryption-tool nightmare-eclipse yellow-download yellow-install yellow-key yellow-software yellowkey yellowkey-bitlocker yellowkey-cve yellowkey-exploit yellowkey-vulnerability
C#
YellowKey | BitLocker Bypass CVE-2026-45585 | Detect & Fix Automatically via Microsoft Intune
yellowkey bitlocker github vulnerability bypass cve-2026-45585 windows 11 security zero day exploit winre recovery mode poc nightmare eclipse chaotic eclipse exploit tool usb attack encryption hack script mitigation guide fstx winpeshl shell unpatched fix tool
bitlocker bitlocker-bypass bitlocker-drive-encryption bitlocker-drive-management bitlocker-lock bitlocker-yellowkey cve-2026-45585 nightmare-eclipse yellow-key yellowkey
TypeScript JavaScript
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2026-45585 vulnerability anywhere in the article.
- The Hacker News: New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
  Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. " ...
- The Hacker News: Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
  Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 2 ...
- Zero Day Initiative: The June 2026 Security Update Review
  CVE Title Severity CVSS Public Exploited XI Type CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability Important 7.8 Yes Yes 0 EoP CVE-2026-49160 HTTP.sys Denial of Service Vulnerabil ...
- The Hacker News: Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
  Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that h ...
- The Hacker News: Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
  The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per S ...
- The Hacker News: Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, ba ...
- europa.eu: Cyber Brief 26-06 - May 2026
  Cyber Brief (May 2026) June 2, 2026 - Version: 1 TLP:CLEAR Executive summary We analysed 325 open source reports for this Cyber Brief. Relating to cyber policy and law enforcement, Europol supported inter ...
- CybersecurityNews: Microsoft MSRC Allegedly Dismissed Dependency Confusion Vulnerability, Claims Researcher
  A dependency confusion vulnerability affecting Microsoft’s Azure Portal after the Microsoft Security Response Center (MSRC) closed the case, claiming the confirmed remote code execution evidence did n ...
- The Hacker News: Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
  Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrat ...
- CybersecurityNews: Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse Controversy
  Microsoft has clarified its stance, reducing perceived legal threats and reaffirming its commitment to coordinated vulnerability disclosure, following significant backlash from the security research c ...
- The Hacker News: PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
  Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as C ...
- The Hacker News: Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
  An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible ...
- The Hacker News: Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
  Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign a ...
- The Hacker News: Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
  Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better underst ...
- The Hacker News: ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
  Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, an ...
- CybersecurityNews: Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination
  Microsoft has issued a strong warning after multiple zero-day vulnerabilities were publicly disclosed without prior coordination, raising concerns about increased risk to users and enterprise environm ...
- The Hacker News: AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
  Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging deliv ...
- The Hacker News: Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
  Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be m ...
- The Hacker News: KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
  A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web she ...
- The Hacker News: Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
  Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity ...
The following table lists the changes that have been made to the CVE-2026-45585 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Modified by [email protected], May. 22, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Description | Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. | Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable. |

- Initial Analysis by [email protected], May. 20, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | | OR `cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*` `cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*` `cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*` `cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*` |
| Added | Reference Type | | CISA-ADP: https://github.com/Nightmare-Eclipse/YellowKey Types: Exploit, Third Party Advisory |
| Added | Reference Type | | Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Types: Mitigation, Vendor Advisory |

- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0, May. 20, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://github.com/Nightmare-Eclipse/YellowKey |

- New CVE Received by [email protected], May. 20, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. |
| Added | CVSS V3.1 | | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Added | CWE | | CWE-77 |
| Added | Reference | | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 |