CVE-2026-2810
Received Received - Intake
Endpoint DLP Module Out-of-Bounds Read in Netskope Client

Publication date: 2026-04-29

Last updated on: 2026-04-29

Assigner: Netskope

Description
Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an out-of-bounds read within a driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2810
EUVD
EUVD-2026-26239
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
netskope netskope_client to R136.1 (exc)
netskope netskope_client R129.1.8
netskope netskope_client R132.0.23
netskope netskope_client R135.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Endpoint Data Loss Prevention (DLP) Module of the Netskope Client on Windows systems. It allows an unprivileged user to trigger an out-of-bounds read within a driver, which can cause the system to crash with a Blue Screen of Death (BSOD).

Exploitation requires that the Endpoint DLP module is enabled in the client configuration.

Executive Summary

This vulnerability exists in the Endpoint DLP Module of the Netskope Client on Windows systems. It allows an unprivileged user to trigger an out-of-bounds read within a driver, which can cause the system to crash with a Blue Screen of Death (BSOD).

Exploitation requires that the Endpoint DLP module is enabled in the client configuration.

Impact Analysis

If exploited successfully, this vulnerability can cause a denial-of-service condition on the affected local machine by triggering a system crash (BSOD). This means the system would become unavailable until it is restarted.

Impact Analysis

Successful exploitation of this vulnerability can lead to a denial-of-service condition on the affected local machine by causing a Blue Screen of Death (BSOD). This means the system will crash and become temporarily unusable.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should apply the security patches released by Netskope. These patches include versions R136.1 and above, as well as backported versions R129.1.8, R132.0.23, and R135.1.0.

No workarounds are currently available, so patching is the recommended immediate action.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2810. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart