CVE-2026-45585: Windows BitLocker Security Feature Bypass Vulnerability

Overview

Severity

N/A

Category

Security Feature Bypass

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Publicly Disclosed

Yes

Patch Tuesday

2026-May

Released

2026-05-19

EPSS Score

0.08% (percentile: 24.1%)

Description

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 1 repositories

Affected Products (5)

Windows

• Windows Server 2025 (Server Core installation)
• Windows 11 Version 25H2 for x64-based Systems
• Windows 11 Version 24H2 for x64-based Systems
• Windows Server 2025
• Windows 11 version 26H1 for x64-based Systems

Revision History

• 2026-05-19: Information published.