Vulnerabilities ›

CVE-2026-45585

Medium

CWE-77 — Weakness Type

                    Published: May 20, 2026                      ·  Modified: May 20, 2026                      ·  Source: NVD                

CVSS v3

6.8

🔗 NVD Official

📄 Description (English)

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.

🤖 AI Executive Summary

CVE-2026-45585 is a Windows security feature bypass vulnerability known as 'YellowKey' that allows attackers to circumvent security controls. A proof of concept has been publicly disclosed, increasing the risk of exploitation before patches are available.

📄 Description (Arabic)

ثغرة YellowKey تسمح للمهاجمين بتجاوز ميزات الأمان الحرجة في نظام Windows. تم الكشف عن إثبات المفهوم علنًا، مما يزيد من خطر الاستغلال الفوري قبل توفر التصحيحات الأمنية.

🤖 ملخص تنفيذي (AI)

This vulnerability affects Windows security features and has been publicly disclosed with working exploit code. Organizations should implement immediate mitigation strategies while awaiting official security updates from Microsoft.

🤖 AI Intelligence Analysis Analyzed: May 21, 2026 10:00

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1548 T1134 T1548.004 T1547.001

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Apply Microsoft security updates immediately upon release. Implement network segmentation to limit lateral movement. Monitor for suspicious process execution and unauthorized privilege escalation attempts. Disable unnecessary Windows features and services. Apply principle of least privilege to user accounts. Consider using application whitelisting to prevent unauthorized code execution.

🔧 خطوات المعالجة (العربية)

طبق تحديثات أمان Microsoft فور إصدارها. نفذ تقسيم الشبكة لتحديد الحركة الجانبية. راقب محاولات تنفيذ العمليات المريبة وتصعيد الامتيازات غير المصرح بها. عطل الميزات والخدمات غير الضرورية في Windows. طبق مبدأ أقل امتياز على حسابات المستخدمين. فكر في استخدام القائمة البيضاء للتطبيقات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.1.1.1 A.2.1.1 A.2.1.2 A.3.1.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.AC-3 DE.CM-1

🟡 ISO 27001:2022

A.5.1.1 A.6.1.1 A.9.1.1 A.12.2.1

🔗 References & Sources 1

🔗

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585

secure@microsoft.com

📊 CVSS Score

6.8

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorP — Physical

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.8

CWECWE-77

EPSS0.11%

Exploit No

Patch ✗ No

Published 2026-05-20

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-77

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-45585

Introduce Yourself

Sign In Required