Description
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public, violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Published: 2026-05-19
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Microsoft has acknowledged a security feature bypass in Windows BitLocker publicly known as "YellowKey". A proof of concept was made public before a security update was available, which Microsoft describes as a violation of coordinated disclosure practice. BitLocker is the feature being bypassed, so a successful attack exposes data on a protected volume; the CVSS vector recorded on this page (C:H/I:H/A:H) rates confidentiality, integrity and availability impact as high, and the SSVC entry rates the technical impact as total. NVD maps the weakness to CWE-77 (command injection), but Microsoft's description gives no technical detail, so how injected input relates to the bypass, and whether encryption keys are recovered or merely bypassed, is not stated.

Affected Systems

The affected products listed are Windows 11 24H2, 25H2 and 26H1 (x64 CPE entries) and Windows Server 2025, including the Server Core installation. Releases not listed here are simply outside this record; that does not by itself confirm they are unaffected.

Risk and Exploitability

A CVSS 3.1 base score of 6.8 places the vulnerability in the medium range. The vector on this page is AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with temporal metrics E:P/RL:W/RC:C: the attacker needs physical access to the device but no privileges or user interaction, a proof of concept exists, the remediation level is a workaround, and the report is confirmed. The SSVC entry agrees (Exploitation: poc, Automatable: no, Technical Impact: total). EPSS is below 1% and the CVE is not in the CISA KEV catalog; note, however, that a public proof of concept for a physical-access BitLocker bypass is precisely the tool a device thief would use, so EPSS is a poor guide to the risk carried by lost or stolen hardware.

Generated by OpenCVE AI on May 20, 2026 at 01:50 UTC.

Remediation

No vendor fix is available yet. Microsoft's description states that the CVE was issued to provide mitigation guidance until the security update ships, but that guidance is not reproduced on this page; consult the MSRC advisory for CVE-2026-45585 for the interim mitigation.

OpenCVE Recommended Actions

  • Confirm scope: hosts running Windows 11 24H2, 25H2 or 26H1, or Windows Server 2025 (including Server Core), are the listed affected products. Inventory the OS release and the BitLocker protector configuration on each. Note that "YellowKey" is the public name of the vulnerability, not a Windows feature, so there is no setting to disable by that name.
  • Apply the interim mitigation Microsoft references in its description as soon as it is published in the MSRC advisory, and install the security update immediately when it is released.
  • The CVSS vector (AV:P) requires physical access: tighten physical custody of laptops and servers, and treat lost or stolen devices as potentially compromised until the update is installed.
  • General BitLocker hardening against physical attackers (a pre-boot factor such as TPM+PIN on the OS volume, and no auto-unlock of data volumes from an OS volume that lacks one) reduces exposure, but Microsoft has not stated whether these measures block YellowKey specifically.
  • Apply least-privilege principles on all accounts that could potentially interact with BitLocker-enabled volumes.
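The scope and protector inventory described above, as an added example that is not part of the OpenCVE page or any Microsoft guidance. It uses only facts recorded on this page (the affected products and the AV:P attack vector) plus the standard BitLocker PowerShell module; it does not detect the bypass itself, and the assumption that matching the OS caption and DisplayVersion is enough to identify the listed releases is the author's, not Microsoft's.

```powershell
# Added example (not from OpenCVE or Microsoft): inventory a host for CVE-2026-45585 exposure.
# Reports whether the OS is one of the affected releases listed on this page and how each
# BitLocker volume is protected. It does NOT detect the bypass. Run in an elevated session.

function Test-YellowKeyExposure {
    [CmdletBinding()]
    param()

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $release = $cv.DisplayVersion      # e.g. "24H2"; present on Windows 10 20H2 and later

    # Scope check against the CPE list on this page. Assumption: matching on the OS caption and
    # DisplayVersion is sufficient; Windows Server 2025 reports DisplayVersion "24H2".
    $inScope = switch -Regex ($os.Caption) {
        'Windows 11'          { $release -in @('24H2', '25H2', '26H1'); break }
        'Windows Server 2025' { $true; break }
        default               { $false }
    }

    $report = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        Caption      = $os.Caption
        Release      = $release
        Build        = $os.BuildNumber
        InScope      = $inScope
        Volumes      = @()
    }

    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        foreach ($vol in Get-BitLockerVolume) {
            $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
            # Against a physical attacker (AV:P), TPM-only protection unlocks the OS volume with
            # no user secret at boot; TPM+PIN, TPM+startup key or a password adds a pre-boot
            # factor. RecoveryPassword is deliberately excluded: it is a recovery path, not a
            # pre-boot factor. This is general BitLocker hardening, not a vendor-confirmed
            # mitigation for YellowKey.
            $preBootTypes = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password')
            $preBootFactor = @($types | Where-Object { $_ -in $preBootTypes }).Count -gt 0
            $report.Volumes += [pscustomobject]@{
                MountPoint       = $vol.MountPoint
                VolumeType       = $vol.VolumeType
                ProtectionStatus = $vol.ProtectionStatus
                EncryptionMethod = $vol.EncryptionMethod
                KeyProtectors    = ($types -join ',')
                PreBootFactor    = $preBootFactor
                AutoUnlock       = $vol.AutoUnlockEnabled
            }
        }
    }
    else {
        Write-Warning 'BitLocker PowerShell module not available on this host.'
    }

    [pscustomobject]$report
}

$result = Test-YellowKeyExposure
$result | Select-Object ComputerName, Caption, Release, Build, InScope | Format-List
$result.Volumes | Format-Table -AutoSize
```

Run it across a fleet with Invoke-Command and collect the objects; an in-scope host whose OS volume shows ProtectionStatus On, KeyProtectors of Tpm,RecoveryPassword and PreBootFactor False is the configuration most exposed to a physical-access bypass, and the first place to apply Microsoft's interim mitigation once it is published.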

Generated by OpenCVE AI on May 20, 2026 at 01:50 UTC.

Advisories

No advisories yet.

History

Wed, 20 May 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*

Wed, 20 May 2026 13:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025 (server Core Installation)
Vendors & Products Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025 (server Core Installation)

Wed, 20 May 2026 00:00:00 +0000

Type Values Removed Values Added
Description Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Title Windows BitLocker Security Feature Bypass Vulnerability
First Time appeared Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 26h1
Microsoft windows 11 2h2
Microsoft windows Server 2025
Weaknesses CWE-77
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_2H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 26h1
Microsoft windows 11 2h2
Microsoft windows Server 2025
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-20T13:54:17.729Z

Reserved: 2026-05-12T19:55:45.729Z

Link: CVE-2026-45585

Vulnrichment

Updated: 2026-05-20T12:46:25.016Z

NVD

Status : Analyzed

Published: 2026-05-20T00:16:44.380

Modified: 2026-05-20T16:42:42.177

Link: CVE-2026-45585

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T10:00:04Z

Weaknesses