CVE-2026-2636

Received Received - Intake

Improper Handling in CLFS.sys Causes Windows System Crash

Publication date: 2026-02-25

Last updated on: 2026-02-25

Assigner: Fortra

Description

This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 1123h2 and earlier versions remain vulnerable.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-02-25

Last Modified

2026-02-25

Generated

2026-06-16

AI Q&A

2026-02-25

EPSS Evaluated

2026-06-15

NVD

CVE-2026-2636

EUVD

EUVD-2026-8718

Affected Vendors & Products

Vendor	Product	Version / Range
microsoft	windows_server	to 2025 (exc)
microsoft	windows	From 2025-09 (inc)
microsoft	windows_server	From 2025-09 (inc)
microsoft	windows	to 2025-09 (exc)
microsoft	windows	to 2025 (inc)
microsoft	windows_server	to 2025 (inc)
microsoft	windows	11
microsoft	windows	to 2025 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-159	The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.

Attack-Flow Graph

Executive Summary

This vulnerability is caused by a weakness classified as CWE-159, which involves improper handling of invalid use of special elements. Specifically, it leads to an unrecoverable inconsistency in the CLFS.sys driver, a component in Microsoft Windows.

This inconsistency forces the system to call the KeBugCheckEx function, which triggers a system crash (commonly known as a Blue Screen of Death).

An unprivileged user can exploit this vulnerability to cause the system to crash.

Impact Analysis

The primary impact of this vulnerability is that an unprivileged user can cause a system crash by exploiting the flaw in the CLFS.sys driver.

This results in a denial of service condition, where the affected system becomes unavailable until it is restarted.

There is no indication that this vulnerability allows for data theft or privilege escalation, but the disruption caused by system crashes can affect availability and reliability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, apply the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025, or upgrade to Windows 25H2 or later versions which include the patch.

Systems running Windows 1123h2 and earlier versions remain vulnerable and should be updated as soon as possible.

Hi! I’m here to help you understand CVE-2026-2636. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-2636

Improper Handling in CLFS.sys Causes Windows System Crash

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart