Ctrl + K
/ news / CVE
CVEPublished 2026-05-20Modified 2026-05-203 articles on news6 live referencesNVD data

CVE-2026-45585Microsoft · Windows_11_24h2

Vulnerability data via NVD (ingested)

CVSS v3.1
6.8
MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
Weaknesses (CWE)
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.

Timeline
Published 2026-05-20
Modified 2026-05-20

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-45585
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · OS
os:"Windows 11 24h2"
Hosts Shodan identified as running Windows 11 24h2.
More intel sources (5)
Shodan report
vuln:CVE-2026-45585
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-45585
Censys host search filtered to this CVE id.
grep.app
CVE-2026-45585
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-45585
GitHub code search for direct mentions.
Google dork
"CVE-2026-45585" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-455858 repos
nomi-sec/PoC-in-GitHubunknown
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
★ 7,844·updated today
Wack0/bitlocker-attacksunknown
A list of public attacks on BitLocker
★ 455·updated 1w ago
DarkFunct/TK-CVE-RepoPython
TK-CVE-Repo
★ 51·updated 1w ago
saradasen27-collab/yellowkey-forensic-decryptorHTML
YellowKey BitLocker 2026 Bypass – Next-Gen Drive Lock Decryption & Exploit Tool
★ 17·updated today
UnknownHF/YKWriterC#
A WinForms wrapper for Nightmare Eclipse's YellowKey exploit, automating the creation of USB recovery media to access previously inaccessible files on Windows 11 systems.
★ 16·updated 2w ago
zulloper/cve-pocPython
CVE POC repo 자동 수집기
★ 13·updated today
alexadvanced95/yellowkey-bitlockerTypeScript
Bypass BitLocker encryption on Windows 10 and 11 using this TPM-targeted USB exploit for physical access testing.
★ 8·updated 1d ago
allenhouchins/fleet-extensionsGo
★ 3·updated 2w ago
Articles on news mentioning CVE-2026-45585