CVE-2026-10047
Analyzed Analyzed - Analysis Complete

Out-of-Bounds Write in Bitdefender Napoca Hypervisor

Vulnerability report for CVE-2026-10047, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-02

Last updated on: 2026-06-08

Assigner: Bitdefender

Description

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-02
Last Modified
2026-06-08
Generated
2026-07-13
AI Q&A
2026-06-02
EPSS Evaluated
2026-07-11
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
bitdefender napoca *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

The Bitdefender Napoca product containing this vulnerability is end-of-life and unsupported, with no fix planned.

The recommended immediate mitigation step is to discontinue use of the Bitdefender Napoca bare-metal hypervisor to avoid exposure to this high severity vulnerability.

Impact Analysis

This vulnerability can lead to memory corruption within the hypervisor heap due to an out-of-bounds write. Such corruption may allow an attacker with limited privileges to execute arbitrary code, cause denial of service, or compromise the integrity and stability of the hypervisor environment.

Since the affected product is end-of-life and unsupported, no fix is planned, increasing the risk for users who continue to use it.

Executive Summary

CVE-2026-10047 is an out-of-bounds write vulnerability in the Bitdefender Napoca bare-metal hypervisor. It occurs in the real-mode hook handler, where a guest-controlled SS:SP-derived offset is used as an index into a 1MB RealModeMemory buffer without proper bounds checking.

Specifically, when SS is set to 0xFFFF and ESP to 0xFFFF, the calculated offset can reach 0x10FFEF, which exceeds the buffer size by 65,519 bytes. This allows the IRET frame push operation to write beyond the end of the buffer into the hypervisor heap, potentially corrupting memory.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10047. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart