This paper aims to provide a more detailed explanation of a Windows CVE, labeled CVE-2026-21236, which was published on February 11, 2026. It is a heap-based buffer overflow within the Windows driver: Ancillary Function Driver for WinSock or AFD.sys. This paper details the patch diffing, vulnerability analysis, as well as the proof-of-concept generation of the CVE. A cursory attempt was also made with AI to help determine the location of the vulnerability, which helped improve the speed of discovery. NCC Group has a dedicated Exploit Development Group and security research departments that focus on investigating such vulnerabilities and developing working exploits for our security consultants and red teamers to utilise during their engagements.