PT-2026-21986 · Microsoft · Windows Server 2025 (+2)

Published: 2026-02-25 · Updated: 2026-03-13 · CVE-2026-2636

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025; Windows 11 23H2 and earlier.
Description: The CLFS.sys driver (Common Log File System) does not properly validate flags in the CClfsRequest::ReadLogPagingIo function when a request carries invalid special elements. The driver detects the resulting state as an unrecoverable inconsistency and calls KeBugCheckEx, which halts the system with a bug check (Blue Screen of Death). A proof-of-concept exploit has been published, so any local user with low privileges can crash an affected machine at will; the impact is confined to availability (C:N/I:N/A:H in the vector), but on terminal servers, VDI hosts and other shared or enterprise systems this is a ready-made denial-of-service weapon. The vulnerability was silently fixed in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025 and is also fixed in the Windows 25H2 release. Because the fix shipped without an accompanying advisory, vulnerability scanners that key on a KB number for CVE-2026-2636 may not flag exposed hosts; verify the installed build level directly.
Recommendations: Install the September 2025 cumulative update or a later cumulative update on all affected systems: Windows 11 2024 LTSC and Windows Server 2025 builds older than that update, and Windows 11 23H2 and earlier versions.
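The following PowerShell is an added example, not part of this advisory or of Microsoft's tooling: it reports whether a host is at or above a given build/revision (so you can confirm the September 2025 cumulative update without relying on a KB-keyed scanner) and lists recent bugcheck reboots, which is the symptom a low-privileged crash like this one leaves behind. The minimum build and UBR are assumptions you must supply from Microsoft's KB article for the fixing update of the branch the host runs (DisplayVersion); the placeholder values in the usage line are not taken from the advisory.

```powershell
# Added example (not from the PT advisory). Checks a Windows host against a caller-supplied
# minimum build/UBR and reports recent bugcheck reboots from the System log.
# ASSUMPTION: -MinimumBuild / -MinimumUbr come from the KB article of the September 2025
# cumulative update for the host's own branch; compare only within one branch.

function Get-ClfsPatchState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [int] $MinimumBuild,   # CurrentBuild of the host's branch
        [Parameter(Mandatory)] [int] $MinimumUbr,     # revision (UBR) of the fixing update
        [string] $DriverPath = "$env:SystemRoot\System32\drivers\clfs.sys"
    )

    $cv     = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build  = [int] $cv.CurrentBuild
    $ubr    = [int] $cv.UBR
    $branch = $cv.DisplayVersion        # e.g. 23H2, 24H2, 25H2

    # A newer branch (e.g. 25H2 on top of a 24H2 threshold) also carries the fix per the advisory;
    # an older branch than the threshold cannot be judged by this comparison, so flag it.
    $sameOrNewerBranch = $build -ge $MinimumBuild
    $patched = ($build -gt $MinimumBuild) -or
               ($build -eq $MinimumBuild -and $ubr -ge $MinimumUbr)

    $driver = Get-Item -LiteralPath $DriverPath -ErrorAction Stop
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        DisplayVersion   = $branch
        OsBuild          = "$build.$ubr"
        ClfsFileVersion  = $driver.VersionInfo.FileVersion
        ClfsSha256       = (Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash
        Comparable       = $sameOrNewerBranch
        Patched          = $patched
    }
}

function Get-RecentBugchecks {
    param([int] $Days = 7)
    # System log event 1001 ("The computer has rebooted from a bugcheck") records the
    # bugcheck code and parameters; a cluster of these on a shared host is what a
    # low-privileged user abusing this issue would produce.
    $since = (Get-Date).AddDays(-$Days)
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001; StartTime = $since } `
                 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'bugcheck' } |
        Select-Object TimeCreated, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}

# Usage (placeholders: replace 26100 / 0 with the build and UBR of the September 2025
# cumulative update for the host's branch, taken from the KB article):
# Get-ClfsPatchState -MinimumBuild 26100 -MinimumUbr 0 | Format-List
# Get-RecentBugchecks -Days 30 | Format-Table -AutoSize
```

Run it with administrative rights so the System log and driver file are readable. The `Comparable` field tells you whether the threshold you passed belongs to the host's branch; a `Comparable = $false` result means you need the threshold for that branch, not that the host is unpatched. Record `ClfsSha256` across a fleet if you want to spot hosts whose driver differs from the patched baseline without depending on build numbers at all.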

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2026-2636

Affected Products

Clfs.Sys
Windows 11
Windows Server 2025