CVE-2026-40369: Arbitrary Kernel Address Increment via NtQuerySystemInformation (Class 253)
Summary
The article analyzes CVE-2026-40369, a Windows kernel vulnerability that enables an arbitrary address increment/write via NtQuerySystemInformation. It explains the root cause in ExpGetProcessInformation, presents a PoC, and notes that the bug is exploitable from browser sandboxes; it includes reproduction details and crash evidence.