[KEV] CVE-2023-36424 -- CVSS 0.0 Vulnerability Briefing
[KEV] CVE-2023-36424 | CVSS 0.0 (Low) | Exploit: Operational
What Is It
CVE-2023-36424 is an out-of-bounds read vulnerability in the Microsoft Windows Common Log File System (CLFS) Driver, a kernel-mode component present across supported Windows operating systems.
Technical Detail
The flaw resides in the CLFS driver's handling of log file data structures, where insufficient bounds validation allows an attacker to read memory outside of an intended buffer. A locally authenticated attacker can trigger this condition to escalate privileges, potentially gaining SYSTEM-level access on the affected host. Exploitation requires local access, so the vulnerability is most commonly chained with an initial access vector or used by an insider threat to elevate privileges.
Exploitation Status
CISA has confirmed active exploitation in the wild, adding this CVE to the Known Exploited Vulnerabilities catalog on April 13, 2026. The exploit maturity is rated Operational, meaning functional exploit code capable of reliable use in real-world attacks exists and is being actively leveraged, not merely demonstrated in a controlled research setting.
Who Is Targeting This
No specific threat actor attribution has been confirmed at this time. No campaign data or sector targeting information is currently available in the intelligence record for this CVE.
What To Do
Apply the relevant Microsoft security update immediately. Per CISA's Binding Operational Directive 22-01, federal civilian executive branch agencies are required to patch this vulnerability by the deadline associated with the April 13, 2026 KEV listing. All organizations should treat this as a high-priority patch given confirmed in-the-wild exploitation, regardless of the nominal CVSS score, which does not reflect the operational risk. Defenders should monitor for anomalous CLFS driver activity, unexpected privilege escalation events, and token manipulation behaviors in endpoint detection telemetry as potential indicators of exploitation attempts.
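
The prioritization point above (KEV listing and exploit maturity outweigh the nominal CVSS score) can be encoded in a patch queue. The following is an added example, not part of the original briefing: the Finding fields, host names, the two CVE-0000-* entries and the maturity labels other than "Operational" are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Exploit maturity ranked from most to least urgent. "Operational" is the label
# used in this briefing; the other labels and their order are assumptions.
MATURITY_RANK = {"Operational": 0, "Proof-of-Concept": 1, "Unproven": 2}


@dataclass(frozen=True)
class Finding:
    cve_id: str
    host: str
    cvss: float
    kev_date_added: Optional[date]  # None when the CVE is not in the KEV catalog
    exploit_maturity: str


def triage_key(f: Finding):
    """Sort key: KEV-listed first, then exploit maturity, then CVSS descending."""
    return (
        0 if f.kev_date_added is not None else 1,
        # Unknown maturity labels sort after every known one.
        MATURITY_RANK.get(f.exploit_maturity, len(MATURITY_RANK)),
        -f.cvss,
        f.cve_id,  # stable tie-breaker
    )


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Patch queue driven by confirmed exploitation rather than score alone."""
    return sorted(findings, key=triage_key)


def cvss_only(findings: List[Finding]) -> List[Finding]:
    """Naive queue, shown for comparison: highest CVSS first."""
    return sorted(findings, key=lambda f: (-f.cvss, f.cve_id))


# Constructed scanner output. Only the CVE-2023-36424 row uses values from this
# briefing (CVSS 0.0, KEV date 2026-04-13, maturity Operational).
SAMPLE = [
    Finding("CVE-0000-0001", "web01", 9.8, None, "Unproven"),
    Finding("CVE-2023-36424", "ws-042", 0.0, date(2026, 4, 13), "Operational"),
    Finding("CVE-0000-0002", "db01", 7.5, None, "Proof-of-Concept"),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f.cve_id, f.host, f.cvss, f.kev_date_added, f.exploit_maturity)
```

A queue sorted by CVSS alone places this CVE last in the sample; the KEV-aware key places it first.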