cve-2026-45585

About this tag
CVE-2026-45585, also known as YellowKey, is a publicly disclosed Windows 11 BitLocker bypass vulnerability that exploits Windows Recovery Environment behavior to expose encrypted drives to attackers with physical access. Microsoft acknowledged the issue in mid-May 2026 after researcher Nightmare-Eclipse published proof-of-concept details outside coordinated disclosure norms. The vulnerability forced Microsoft to turn the June 9, 2026 security release for hotpatch-capable Windows 11 Enterprise LTSC 2024 into a restart-required baseline update, replacing the expected hotpatch. This incident highlights that BitLocker's weakest point may be the recovery machinery rather than encryption itself, and that hotpatching's no-restart promise has limits when a disclosed vulnerability changes the risk equation.
  1. CVE-2026-45585: How Windows WinRE and BootNext May Bypass UEFI/BIOS Passwords

    Microsoft’s Windows Recovery Environment is now tied to CVE-2026-45585, a security feature bypass disclosed in June 2026 that can let attackers with physical or administrative access abuse recovery boot paths on some Windows 10 and Windows 11 devices to bypass UEFI or BIOS password enforcement...
  2. June 9, 2026 Windows Hotpatch Break: Restart-Required Baseline for CVE-2026-45585

    Microsoft turned the June 9, 2026 Windows security release for hotpatch-capable Windows 11 Enterprise LTSC 2024 devices into a restart-required baseline update, replacing the expected hotpatch because CVE-2026-45585 was publicly disclosed outside normal coordinated vulnerability disclosure...
  3. YellowKey BitLocker Bypass (CVE-2026-45585): WinRE Recovery as the Real Risk

    Microsoft acknowledged YellowKey, a publicly disclosed Windows 11 BitLocker bypass now tracked as CVE-2026-45585, in mid-May 2026 after researcher Nightmare-Eclipse published proof-of-concept details showing how Windows Recovery Environment behavior can expose encrypted drives to an attacker...