Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research

GreatXML bypasses BitLocker via Defender offline scan artifacts, giving a SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable.
On June 10, security researcher Chaotic Eclipse (aka Nightmare Eclipse) published a new working exploit dubbed GreatXML that bypasses BitLocker and opens a command shell with full SYSTEM privileges while Windows is in Recovery Mode. It came one day after RoguePlanet, an exploit targeting Microsoft Defender that leads to local privilege escalation.
“This was an accidental discovery, it took a total of 4 hours to find this,” the researcher wrote. “If you ever attempted to use Windows Defender Offline Scan, you’re automatically vulnerable to a bitlocker bypass. I’m unsure if you can still trigger the bug without ever using the offline scan feature, because you can definitely”
At this pace, Microsoft’s patch team is essentially playing whack-a-mole with someone who has a very long list and no intention of slowing down.
The technical mechanism is straightforward. Microsoft Defender’s offline scan feature, which reboots the system into Windows Recovery Environment (WinRE) to scan for malware outside the running OS, leaves behind configuration artifacts that persist on the recovery partition.
GreatXML exploits the way WinRE processes XML files during the boot sequence.
“If defender offline scan was initiated in the victim machine at any point then there is no need to login, the machine is automatically vulnerable,” reads the PoC description. “You will have to copy ‘unattend.xml’ and ‘Recovery’ directory to the root of the recovery partition then reboot to WinRE using shift + click on restart button, if everything was done correctly, a shell with unrestricted access to the bitlocker volume will spawn.”
The result is a shell with unrestricted access to the BitLocker-protected volume, shown in two screenshots posted to the GitHub repo.
The attack requires brief physical access to the target machine, or the ability to write to the recovery partition through any other means. An attacker who can touch the machine for the time it takes to copy two files has everything they need, provided the target ever ran a Defender offline scan. That’s not a rare condition. Defender prompts users to run offline scans regularly, particularly after detecting threats it couldn’t remove while Windows was running.
The researcher noted one limitation: the exploit path is easier if Microsoft Defender Offline Scan has already been used. If it hasn’t, an attacker may need to start the scan manually or find another way to boot the system into the required recovery mode. Nightmare Eclipse said they haven’t fully investigated all possible methods and are not currently interested in doing so, leaving some questions unanswered.
“If defender offline scan was never initiated then you have to either login and initiate it yourself or figure out a way to boot into WinRE in offline scan state (I believe it should be very possible to do so without logging in) and follow steps above” continues the description.
The researcher admits they don’t fully understand all the conditions needed to trigger the issue and say they aren’t currently interested in digging deeper, which is not very reassuring. At the time of this writing, GreatXML has no patch.
GreatXML is the latest vulnerability disclosed by researcher Chaotic Eclipse, following BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091). The disclosures are believed to stem from a dispute with Microsoft over the vulnerability reporting process.
This week, Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems.
In May, the researcher disclosed two other Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey could allow attackers to bypass BitLocker protections, while GreenPlasma enables privilege escalation. The researcher previously disclosed three Microsoft Defender vulnerabilities.
The researcher criticized Microsoft for revoking access to their MSRC account, rejecting reports, and failing to provide compensation.
At the end of May, Microsoft’s Security Response Center called the zero-day dumps irresponsible.
“In recent weeks several zero-day vulnerabilities have been publicly disclosed.” reads the report published by Microsoft. “The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk.”
The company said its security teams have been working around the clock since the disclosures to understand the impact, build patches, and protect customers from attackers who picked up the published exploit code and ran with it.
Microsoft’s post is essentially a public defense of Coordinated Vulnerability Disclosure, the standard practice where a researcher notifies a vendor privately, gives them time to fix the issue, and then goes public. Microsoft says it works with hundreds of researchers this way every year, compensating them through bug bounty programs and crediting them publicly.
“This partnership allows us to make updates to impacted services before proof-of-concept code can make it into the hands of bad actors.” continues the report. “The vulnerabilities known as RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma were not responsibly disclosed.”
The implication is clear: when someone skips that step, real people get attacked with real tools built from the published research.
(SecurityAffairs – hacking, Nightmare Eclipse)