cve-2026-45636

CVE-2026-45636 is a Windows NTFS remote code execution vulnerability disclosed by Microsoft in June 2026. Classified as Important severity, it involves a heap-based buffer overflow and improper input validation in the NTFS driver. Despite the 'remote' label, exploitation is local in CVSS terms, requiring a user to mount a malicious VHD file. The vulnerability affects supported Windows client and server releases and is patched in the June 2026 security updates. This is not a wormable network bug but a serious parsing flaw in a core Windows storage component. Discussions on WindowsForum focus on understanding the attack vector, patching urgency, and the distinction between local and remote exploitation.