Description

This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 1123h2 and earlier versions remain vulnerable.

INFO

Published Date :

2026-02-25T18:57:02.962Z

Last Modified :

2026-02-26T15:56:55.089Z

Source :

Fortra
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2636 vulnerability.

Vendors Products
Microsoft
  • Windows
  • Windows 11
  • Windows 11 23h2
  • Windows 11 25h2
  • Windows Server 2025
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2636.

URL Resource
https://www.fortra.com/security/advisories/research/fr-2026-001 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact