Description
This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 11 23H2 and earlier versions remain vulnerable.
Published: 2026-02-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (system crash)
Action: Immediate Patch
AI Analysis

Impact

The flaw originates from improper handling of special elements in the CLFS.sys driver (the Windows Common Log File System driver), a CWE‑159 weakness that lets an attacker trigger the KeBugCheckEx routine. When an unprivileged user supplies crafted input, the driver reaches an inconsistent state that forces the kernel to issue a bug check, resulting in a non‑recoverable system crash. The consequence is a loss of service and potential data loss, and the flaw does not require elevated privileges.

Affected Systems

Microsoft Windows users are affected, specifically those running Windows 11 23H2 or earlier, and earlier builds of Windows 11 2024 LTSC and Windows Server 2025. Microsoft released a silent fix in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025, which also covered the Windows 25H2 release in September. Systems that have not applied that update remain vulnerable.

Risk and Exploitability

The CVSS score of 5.5 reflects a moderate impact with local attack potential. EPSS indicates a very low exploitation probability (< 1%). The vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation. An attacker needs only local access with non‑elevated rights and no network access; exploitation would therefore most likely come from a local user session or from scripts that run with non‑elevated rights.

Generated by OpenCVE AI on April 18, 2026 at 10:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025, which includes the CLFS.sys fix.
  • For systems still on Windows 11 23H2 or earlier, schedule an OS upgrade to a supported version that incorporates the update, or apply the cumulative update as soon as possible.
  • Monitor system stability logs for unexpected bug checks and ensure regular backups are performed to recover from any accidental crashes.

Advisories

No advisories yet.

History

Fri, 27 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
Microsoft windows 11
Microsoft windows 11 23h2
Microsoft windows 11 25h2
Microsoft windows Server 2025
Vendors & Products Microsoft
Microsoft windows
Microsoft windows 11
Microsoft windows 11 23h2
Microsoft windows 11 25h2
Microsoft windows Server 2025

Wed, 25 Feb 2026 19:45:00 +0000

Type Values Removed Values Added
Description This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025. Windows 25H2 (released in September) was released with the patch. Windows 11 23H2 and earlier versions remain vulnerable.
Title Denial of Service in Microsoft OS
Weaknesses CWE-159
References
Metrics cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: Fortra

Published:

Updated: 2026-02-26T15:56:55.089Z

Reserved: 2026-02-17T18:49:03.493Z

Link: CVE-2026-2636

Vulnrichment

Updated: 2026-02-26T15:56:46.427Z

NVD

Status: Deferred

Published: 2026-02-25T20:23:48.910

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2636

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:45:43Z
