CVE-2026-2636

CVE-2026-2636 is a medium-severity vulnerability with a CVSS 3.x base score of 5.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-159.

Key facts

Description

This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 1123h2 and earlier versions remain vulnerable.

Frequently asked questions

What is CVE-2026-2636?
This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 1123h2 and earlier versions remain vulnerable.
How severe is CVE-2026-2636?
CVE-2026-2636 has a CVSS 3.x base score of 5.5, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2026-2636 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (33rd percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2026-2636?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2026-2636 have an EU (EUVD) identifier?
Yes. CVE-2026-2636 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-8718.
When was CVE-2026-2636 published?
CVE-2026-2636 was published on 2026-02-25 and last updated on 2026-06-17.

References

Other CWE-159 vulnerabilities

Browse all CWE-159 vulnerabilities →