LeakyCreds

CVE-2026-2636 - Vulnerability Analysis

Medium | CVSS: 5.5

Last Updated: February 27, 2026

Microsoft Windows - Denial of Service

Published: February 25, 2026 | Updated: February 27, 2026 | PoC Available

Overview

Microsoft Windows 11 2024 LTSC and Windows Server 2025 contain a denial-of-service vulnerability caused by improper handling of special elements in the CLFS.sys driver, which lets unprivileged users trigger system crashes. Exploitation requires local access.

Severity & Score

Severity: Medium
CVSS Score: 5.5
EPSS Score: 3.8% (Probability of exploitation in next 30 days)

Impact

Unprivileged users can cause system crashes, leading to denial of service.

Mitigation

Update to Windows 25H2 or later versions including the September 2025 cumulative update.

Social Media Activity (1 post)

Undercode News
@undercodenews
Feb 26, 2026

CVE-2026-2636: Windows CLFS Kernel Flaw Allows Low-Privilege Users to Force BSoD Crashes Introduction: A Silent Kernel Weakness With Loud Consequences A newly detailed Windows kernel vulnerability has drawn attention not because it enables stealthy espionage or privilege escalation, but because of how brutally effective it is. Security researchers have published a working Proof of Concept exploit that allows any low-privileged user to reliably crash a Windows system… https://undercodenews.com/cve-2026-2636-windows-clfs-kernel-flaw-allows-low-privilege-users-to-force-bsod-crashes/


Details

CVE ID: CVE-2026-2636
Severity: Medium
CVSS Score: 5.5
Type: denial_of_service
Status: unconfirmed
EPSS: 3.8%
Social Posts: 1

CWE

  • CWE-159

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

3.8% (Probability of exploitation in the next 30 days)