Main Vulnerability Database Vulnerabilities #VU132037

Command Injection in Windows and Windows Server - CVE-2026-45585

Published: May 21, 2026

Vulnerability identifier: #VU132037

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-45585

CWE-ID: CWE-77

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows an attacker to bypass BitLocker security feature.

The vulnerability exists due to insufficient input validation. An attacker with physical access to the system can bypass BitLocker security feature and compromise the affected system.

The vulnerability was dubbed "YellowKey" during public disclosure.

How to mitigate CVE-2026-45585

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585

Command Injection in Windows and Windows Server - CVE-2026-45585

Detailed vulnerability description

How to mitigate CVE-2026-45585

Sources

Please verify you're human