CVE-2026-10047
Analyzed - Analysis Complete
Out-of-Bounds Write in Bitdefender Napoca Hypervisor

Publication date: 2026-06-02

Last updated on: 2026-06-08

Assigner: Bitdefender

Description
The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product was end-of-life and unsupported when the CVE was assigned.
Meta Information

Published: 2026-06-02
Last Modified: 2026-06-08
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-21

Affected Vendors & Products
Showing 1 associated CPE
Vendor: bitdefender
Product: napoca
Version / Range: *

CWE
CWE ID: CWE-787
Description: The product writes data past the end, or before the beginning, of the intended buffer.

Mitigation Strategies

The Bitdefender Napoca product containing this vulnerability is end-of-life and unsupported, with no fix planned.

The recommended immediate mitigation step is to discontinue use of the Bitdefender Napoca bare-metal hypervisor to avoid exposure to this high severity vulnerability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can lead to memory corruption within the hypervisor heap due to an out-of-bounds write. Such corruption may allow an attacker with limited privileges to execute arbitrary code, cause denial of service, or compromise the integrity and stability of the hypervisor environment.

Since the affected product is end-of-life and unsupported, no fix is planned, increasing the risk for users who continue to use it.

Executive Summary

CVE-2026-10047 is an out-of-bounds write vulnerability in the Bitdefender Napoca bare-metal hypervisor. It occurs in the real-mode hook handler, where a guest-controlled SS:SP-derived offset is used as an index into a 1MB RealModeMemory buffer without proper bounds checking.

Specifically, when SS is set to 0xFFFF and ESP to 0xFFFF, the calculated offset can reach 0x10FFEF, which exceeds the buffer size by 65,519 bytes. This allows the IRET frame push operation to write beyond the end of the buffer into the hypervisor heap, potentially corrupting memory.
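
The arithmetic above, with the bounds check the description says is missing, as an added example that is not Napoca's code. All names are hypothetical, and the 6-byte frame size and the write starting at the computed offset are assumptions about the handler.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; the 1MB size comes from the advisory text. */
#define REAL_MODE_MEMORY_SIZE 0x100000u
#define IRET_FRAME_BYTES 6u /* assumption: 16-bit frame of IP, CS, FLAGS */
static uint8_t real_mode_memory[REAL_MODE_MEMORY_SIZE]; /* stand-in buffer */
static const uint8_t sample_frame[IRET_FRAME_BYTES] = {1, 2, 3, 4, 5, 6}; /* constructed */

/* Real-mode linear address: (segment << 4) + offset. The sum is not
 * limited to 20 bits, so 0xFFFF:0xFFFF yields 0x10FFEF. */
static uint32_t rm_linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* Bytes by which the SS:SP-derived offset lies past the buffer end. */
static uint32_t rm_overshoot(uint16_t ss, uint16_t sp)
{
    uint32_t lin = rm_linear(ss, sp);
    return lin >= REAL_MODE_MEMORY_SIZE ? lin - REAL_MODE_MEMORY_SIZE : 0;
}

/* True only if a len-byte write starting at the offset stays inside the
 * buffer. Compared by subtraction so the check itself cannot wrap. */
static bool rm_write_in_bounds(uint16_t ss, uint16_t sp, uint32_t len)
{
    if (len > REAL_MODE_MEMORY_SIZE)
        return false;
    return rm_linear(ss, sp) <= REAL_MODE_MEMORY_SIZE - len;
}

/* Frame write that refuses guest stack pointers outside the buffer. */
static bool rm_push_frame(uint16_t ss, uint16_t sp, const uint8_t *frame)
{
    if (!rm_write_in_bounds(ss, sp, IRET_FRAME_BYTES))
        return false; /* caller should fault the guest instead of writing */
    memcpy(real_mode_memory + rm_linear(ss, sp), frame, IRET_FRAME_BYTES);
    return true;
}

int main(void)
{
    printf("offset=0x%X overshoot=%u pushed=%d\n", (unsigned)rm_linear(0xFFFF, 0xFFFF),
           (unsigned)rm_overshoot(0xFFFF, 0xFFFF), rm_push_frame(0xFFFF, 0xFFFF, sample_frame));
    return 0;
}
```

The check covers the whole frame length, so an offset that is itself in range but within 6 bytes of the buffer end is rejected as well.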
