CVEFinder.io

CVE-2026-45585

πŸ”Ά medium
πŸ” Scan for this CVE
Summary

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider im

Description

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Mitigation FAQs
Should I leverage the temporary mitigation?
Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel.
What impact to service availability/management could be caused by implementing the mitigations?
Implementing these mitigations will not impact service availability or management operations.
Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?
No. The security update will maintain the mitigation's behavior once the security update is installed.
I am using TPM+PIN, am I at risk of this vulnerability being exploited
No, if you are using TPM+PIN the vulnerability is not exploitable.

CVSS Score
6.8
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-20
πŸ“Š Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.9% of all 326,604 vulnerabilities in our database.

#167,034
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
πŸ” Exploitation Status
Poc
Proof-of-concept available
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-22
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-77

πŸ“¦ Affected Products 4

Vendor Product Status Affected Versions
microsoft windows_11_24h2 Affected All versions
microsoft windows_server_2025 Affected All versions
microsoft windows_11_25h2 Affected All versions
microsoft windows_11_26h1 Affected All versions

πŸ”— References 2

https://msrc.microsoft.com/update-guide/vulnerabilit...
Mitigation Vendor Advisory
https://github.com/Nightmare-Eclipse/YellowKey
Exploit Third Party Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-21530 πŸ”Ά medium 6.7 0.1 Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-32161 ⚠️ high 7.5 0.1 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Minip... 2026-05-12
CVE-2026-32170 πŸ”Ά medium 6.7 0.1 Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-32209 πŸ”Ά medium 4.4 0.0 Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature l... 2026-05-12
CVE-2026-33834 ⚠️ high 7.8 0.0 Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. 2026-05-12
CVE-2026-33835 ⚠️ high 7.8 0.1 Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. 2026-05-12
These CVEs affect the same products