Vulnerability intelligence
CVE-2023-36424
Microsoft Windows Out-of-Bounds Read Vulnerability
Microsoft Windows
Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor to escalate privileges.
CVSS Score
7.8
High
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-04-27
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-04-27.
5 articles across 5 outlets · first covered Apr 13, 2026 · latest Apr 14, 2026
Coverage timeline
- Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities · www.securityweek.com · Apr 14, 2026
- CISA Adds Critical Adobe, Microsoft, Fortinet Flaws to KEV Catalog · securityaffairs.com · Apr 14, 2026
- CISA adds six KEV flaws amid active Fortinet exploits · thehackernews.com · Apr 14, 2026
- CISA Adds Windows Privilege Flaw CVE-2023-36424 to KEV Catalog · www.cisa.gov · Apr 13, 2026
- CISA Adds CVE-2023-36424 to Known Exploited Vulnerabilities Catalogue · cisa.gov · Apr 13, 2026