Security researcher Nightmare-Eclipse published two Windows 11 exploits on May 12, 2026. The exploits are named YellowKey and GreenPlasma. YellowKey bypasses BitLocker encryption on Windows 11, Windows Server 2022, and Windows Server 2025. GreenPlasma provides elevated privileges through the Collaborative Translation Framework (CTF).
YellowKey bypasses BitLocker via WinRE
YellowKey works by copying the FsTx folder to a USB drive and booting into Windows Recovery Environment (WinRE). The exploit targets a component found only in WinRE. GreenPlasma's proof of concept does not grant full SYSTEM access but can be escalated further.

Nightmare-Eclipse suggested that YellowKey may be a backdoor intentionally placed by Microsoft. The researcher noted that the same component exists in a normal Windows installation but lacks the functionality that triggers the BitLocker bypass. This allegation remains unproven.
The exploits were published on GitHub. Microsoft has not confirmed the claims or provided a timeline for any response.




Discussion
0 comments
Log in to join the thread with a thoughtful take, question, or correction.