CVE-2026-45585: YellowKey BitLocker Bypass Exposes Encrypted Data on Windows Devices
ID: 491e1b35-b724-50f4-9d70-e6f9c8b7b615
STIX ID: report--491e1b35-b724-50f4-9d70-e6f9c8b7b615
Feed Name: SOC Prime Blog
CVE-2026-45585 ("YellowKey") is a BitLocker security-feature bypass affecting Windows 11 (24H2, 25H2 and 26H1) and Windows Server 2025. The attacker loads crafted FsTx files from USB or EFI media and abuses the Windows Recovery Environment (WinRE) to obtain an unrestricted shell, from which the encrypted volumes can be read. A public proof of concept has been released, which lowers the barrier to replication.

Microsoft recommends one of two mitigations: remove autofstx.exe from the BootExecute setting of the offline WinRE image and reseal WinRE, or require TPM+PIN startup authentication so that the TPM will not release the volume key without user input. Detection is difficult: the attack happens pre-boot, before host-based telemetry is running, and the vendor has published no IOCs.
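The two mitigations above, as an added PowerShell example that is not from the SOC Prime post or from Microsoft's guidance: the first function services the WinRE image offline, removes any BootExecute entry that references autofstx, and writes the image back and re-registers it (taken here as the "reseal" step); the second switches the OS volume to a TPM+PIN protector. It assumes the Winre.wim path that reagentc /disable leaves behind, that the WinRE hive's boot control set is ControlSet001, and the FVE policy registry values named in the comments; the function names and the mount directory are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the two YellowKey mitigations described above.
# Not SOC Prime's or Microsoft's code. Assumptions are marked in comments.

# Mitigation 1: strip any autofstx entry from BootExecute inside the WinRE
# image, then save the image and re-register it ("reseal").
function Remove-WinReAutofstx {
    param(
        # Assumed: after 'reagentc /disable' the active image sits at this path.
        [string]$WinReWim = "$env:SystemRoot\System32\Recovery\Winre.wim",
        [string]$MountDir = "$env:SystemDrive\WinREMount",   # example's own choice
        [string]$HiveName = 'OfflineWinRE'                   # arbitrary hive name
    )
    & reagentc.exe /disable | Out-Null
    if (-not (Test-Path $WinReWim)) { throw "Winre.wim not found at $WinReWim" }
    New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
    Mount-WindowsImage -ImagePath $WinReWim -Index 1 -Path $MountDir | Out-Null

    $removed = @(); $ok = $false
    try {
        & reg.exe load "HKLM\$HiveName" "$MountDir\Windows\System32\config\SYSTEM" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Could not load the WinRE SYSTEM hive' }
        # Assumed: an offline hive has no CurrentControlSet link; ControlSet001
        # is the set WinRE boots. BootExecute is a REG_MULTI_SZ of native
        # programs that smss.exe runs before the session starts.
        $smKey = "HKLM:\$HiveName\ControlSet001\Control\Session Manager"
        [string[]]$boot = (Get-ItemProperty -Path $smKey -Name BootExecute).BootExecute
        $removed = @($boot | Where-Object { $_ -match '(?i)autofstx' })
        if ($removed.Count -gt 0) {
            [string[]]$kept = @($boot | Where-Object { $_ -notmatch '(?i)autofstx' })
            Set-ItemProperty -Path $smKey -Name BootExecute -Value $kept -Type MultiString
        }
        $ok = $true
    }
    finally {
        # Drop PowerShell's handles on the hive first, or 'reg unload' fails.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$HiveName" | Out-Null
        if ($ok) { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
        else     { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
        & reagentc.exe /enable | Out-Null
    }
    return $removed   # BootExecute entries that were removed (empty if none found)
}

# Mitigation 2: require a PIN with the TPM at startup, so the TPM will not
# unseal the volume key for WinRE or anything else without user input.
function Set-TpmPinStartup {
    param(
        [Parameter(Mandatory)][securestring]$Pin,
        [string]$MountPoint = $env:SystemDrive
    )
    # Assumed policy equivalents of "Require additional authentication at
    # startup" with "Require startup PIN with TPM" (0 = do not allow,
    # 1 = require, 2 = allow); without them the PIN protector is refused.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    New-Item -Path $fve -Force | Out-Null
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPMPIN -Value 1 -Type DWord

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.KeyProtector.KeyProtectorType -notcontains 'RecoveryPassword') {
        throw 'Escrow a recovery password protector before changing startup auth.'
    }
    if ($vol.KeyProtector.KeyProtectorType -contains 'TpmPin') { return 'TpmPin' }
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    # A TPM-only protector would still boot without the PIN; remove it if it
    # survived the add.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    foreach ($p in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
    return (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector.KeyProtectorType -join ','
}

# Usage (elevated PowerShell, one machine first):
#   $gone = Remove-WinReAutofstx
#   Set-TpmPinStartup -Pin (Read-Host -AsSecureString 'Startup PIN')
```

Run this on one machine before fleet-wide rollout and confirm afterwards with reagentc /info that WinRE is enabled again. Servicing updates can replace Winre.wim, so the BootExecute check belongs in post-update validation, not in a one-off run. The TPM+PIN change is the more durable of the two because it does not depend on the content of the recovery image, but it requires the PIN at every boot, so escrow recovery passwords (the function refuses to proceed without one) and plan for headless or remotely rebooted systems.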
