The Known Exploited Vulnerabilities (KEV) Catalog, according to CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. The current page shows a single entry: CVE-2023-36424 under Microsoft Windows, a Windows Out-of-Bounds Read Vulnerability in the Common Log File System Driver that could allow a threat actor to escalate privileges. The entry lists "Known to be used in ransomware campaigns?" as Unknown. It advises applying mitigations per vendor instructions, following BOD 22-01 guidance for cloud services, or discontinuing use of the product if mitigations are unavailable. The entry was added on 13 April 2026, with a due date of 27 April 2026. Related references include the Microsoft update guide and NVD details for CVE-2023-36424.