SB2026052120 - BitLocker security feature bypass in Microsoft Windows




Published: May 21, 2026

Security Bulletin ID: SB2026052120
CSH Severity: Low
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Physical access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Command Injection (CVE-ID: CVE-2026-45585)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an attacker to bypass the BitLocker security feature.

The vulnerability exists due to insufficient input validation. An attacker with physical access to the system can bypass the BitLocker security feature and compromise the affected system.

The vulnerability was dubbed "YellowKey" during public disclosure. 


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.