Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 1.2%top 34%

CVE-2026-45585: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in Microsoft Windows 11 Version 24H2

0
Medium
VulnerabilityCVE-2026-45585cvecve-2026-45585cwe-77
Published: 05/19/2026 (05/19/2026, 23:30:26 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 11 Version 24H2

Description

CVE-2026-45585 is a command injection vulnerability (CWE-77) affecting Microsoft Windows 11 Version 24H2 (build 10.0.26100.0). It is publicly known as the "YellowKey" security feature bypass vulnerability. Microsoft has not yet released a security update but provides mitigation guidance that can be applied without impacting service availability. Devices using TPM+PIN are not vulnerable to exploitation. The vulnerability has a CVSS score of 6.8, indicating medium severity.

CVSS v3.1

Score 6.8medium

Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C

Affected software

Affected versions
=10.0.26100.0

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/04/2026, 20:52:20 UTC

Technical Analysis

This vulnerability involves improper neutralization of special elements used in a command, allowing potential command injection on Windows 11 Version 24H2 (build 10.0.26100.0). Microsoft acknowledges the issue and has issued a CVE to provide mitigation guidance until an official security update is available. The vulnerability is known as "YellowKey" and a proof of concept has been publicly disclosed. Microsoft recommends applying the provided mitigations, which do not affect service availability or management operations. Systems using TPM+PIN are not exploitable. No official patch is currently available; the remediation level is classified as a workaround.

Potential Impact

Exploitation of this vulnerability could lead to full confidentiality, integrity, and availability impact on affected systems, as indicated by the CVSS vector (C:H/I:H/A:H). However, exploitation requires local access (AV:P) and no privileges (PR:N) or user interaction (UI:N) are needed. The vulnerability could allow attackers to bypass security features and execute arbitrary commands, potentially compromising devices and data.

Mitigation Recommendations

Microsoft currently recommends implementing the provided temporary mitigations to protect devices until a security update is released. These mitigations do not impact service availability or management operations. Users employing TPM+PIN are not at risk from this vulnerability. Once the official security update is available, it will maintain the mitigation behavior, so reverting changes is not necessary. Patch status is not yet confirmed — check the Microsoft advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 for current remediation guidance.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
microsoft
Date Reserved
2026-05-12T19:55:45.729Z
Cvss Version
3.1
State
PUBLISHED
Remediation Level
workaround
Vendor Advisory Urls
[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585","vendor":"Microsoft"}]

Threat ID: 6a0cf6e2ba1db47362fb1b52

Added to database: 05/19/2026, 23:48:50 UTC

Last enriched: 07/04/2026, 20:52:20 UTC

Last updated: 07/04/2026, 20:52:37 UTC

Views: 286

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses