Feb 2026: Denial of Service in Microsoft OS
CVE-2026-2636 Published on February 25, 2026
Denial of Service in Microsoft OS
This vulnerability is caused by a CWE159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 1123h2 and earlier versions remain vulnerable.
Vulnerability Analysis
CVE-2026-2636 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Handling of Invalid Use of Special Elements
The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.
Products Associated with CVE-2026-2636
Want to know whenever a new CVE is published for Microsoft Windows? stack.watch will email you.
Affected Versions
Microsoft Windows OS:- Before 25H2 is affected.
- Before and including 1123h2 is affected.