Nightmare-Eclipse Publishes YellowKey and GreenPlasma Windows 11 Exploits

Security researcher Nightmare-Eclipse published two Windows 11 exploits on May 12, 2026: YellowKey bypasses BitLocker, and GreenPlasma escalates privileges via CTF. Details and implications.

Nightmare-Eclipse Publishes YellowKey and GreenPlasma Windows 11 Exploits

Security researcher Nightmare-Eclipse published two Windows 11 exploits on May 12, 2026. The exploits are named YellowKey and GreenPlasma. YellowKey bypasses BitLocker encryption on 11, Windows Server 2022, and Windows Server 2025. GreenPlasma provides elevated privileges through the Collaborative Translation Framework (CTF).

YellowKey bypasses BitLocker via WinRE

YellowKey works by copying the FsTx folder to a USB drive and booting into Windows Recovery Environment (WinRE). The exploit targets a component found only in WinRE. GreenPlasma's proof of concept does not grant full SYSTEM access but can be escalated further.

Windows 11 BitLocker encryption bypass exploit YellowKey by Nightmare-Eclipse
YellowKey exploits a component in Windows Recovery Environment to bypass BitLocker.

Nightmare-Eclipse suggested that YellowKey may be a backdoor intentionally placed by Microsoft. The researcher noted that the same component exists in a normal Windows installation but lacks the functionality that triggers the BitLocker bypass. This allegation remains unproven.

The exploits were published on GitHub. Microsoft has not confirmed the claims or provided a timeline for any response.

GreenPlasma privilege escalation exploit for Windows 11 Collaborative Translation Framework
GreenPlasma provides elevated privileges through the CTF framework.

Discussion

0 comments

Log in to join the thread with a thoughtful take, question, or correction.

Add to the discussion