CVE-2026-10047
Out-of-Bounds Write in Bitdefender Napoca Hypervisor

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: Bitdefender

Description
The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.
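The missing bounds validation described above, sketched as an added example; this is not Napoca's code. The function names, `RM_MEM_SIZE`, and the frame layout (three 16-bit words, FLAGS, CS, IP, as pushed by an x86 real-mode interrupt) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define RM_MEM_SIZE 0x100000u /* 1MB buffer size, from the advisory */

/* Linear offset from guest SS:SP; maximum 0xFFFF0 + 0xFFFF = 0x10FFEF. */
uint32_t rm_linear(uint16_t ss, uint16_t sp)
{
    return ((uint32_t)ss << 4) + sp;
}

/* Overflow-safe test that [off, off + len) lies inside the buffer. */
int rm_range_ok(uint32_t off, uint32_t len)
{
    return len <= RM_MEM_SIZE && off <= RM_MEM_SIZE - len;
}

/* Hypothetical hardened push of a real-mode IRET frame (FLAGS, CS, IP).
 * Every slot is validated before any byte is written, so a rejected frame
 * leaves the buffer and the guest SP untouched. Returns 0, or -1 on reject. */
int rm_push_iret_frame(uint8_t *mem, uint16_t ss, uint16_t *sp,
                       uint16_t flags, uint16_t cs, uint16_t ip)
{
    const uint16_t words[3] = { flags, cs, ip };
    uint32_t off[3];
    uint16_t cur = *sp;

    for (size_t i = 0; i < 3; i++) {
        cur = (uint16_t)(cur - 2);      /* SP wraps at 16 bits */
        off[i] = rm_linear(ss, cur);
        if (!rm_range_ok(off[i], 2))
            return -1;                  /* reject before writing */
    }
    for (size_t i = 0; i < 3; i++) {
        mem[off[i]]     = (uint8_t)(words[i] & 0xFF);   /* little-endian */
        mem[off[i] + 1] = (uint8_t)(words[i] >> 8);
    }
    *sp = cur;
    return 0;
}

int main(void)
{
    static uint8_t mem[RM_MEM_SIZE];    /* constructed stand-in buffer */
    uint16_t sp = 0xFFFF;
    /* The advisory's SS=0xFFFF, SP=0xFFFF case must be rejected. */
    return rm_push_iret_frame(mem, 0xFFFF, &sp, 0x0202, 0x1234, 0x5678) ? 0 : 1;
}
```

The check compares against `RM_MEM_SIZE - len` rather than computing `off + len`, so it stays correct however large the offset or length type becomes.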
Meta Information
Published: 2026-06-02
Last Modified: 2026-06-02
Generated: 2026-06-02
AI Q&A: 2026-06-02
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: bitdefender; Product: napoca; Version / Range: *
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


What immediate steps should I take to mitigate this vulnerability?

The Bitdefender Napoca product containing this vulnerability is end-of-life and unsupported, with no fix planned.

The recommended immediate mitigation step is to discontinue use of the Bitdefender Napoca bare-metal hypervisor to avoid exposure to this high severity vulnerability.


How can this vulnerability impact me?

This vulnerability can lead to memory corruption within the hypervisor heap due to an out-of-bounds write. Such corruption may allow an attacker with limited privileges to execute arbitrary code, cause denial of service, or compromise the integrity and stability of the hypervisor environment.

Since the affected product is end-of-life and unsupported, no fix is planned, increasing the risk for users who continue to use it.


Can you explain this vulnerability to me?

CVE-2026-10047 is an out-of-bounds write vulnerability in the Bitdefender Napoca bare-metal hypervisor. It occurs in the real-mode hook handler, where a guest-controlled SS:SP-derived offset is used as an index into a 1MB RealModeMemory buffer without proper bounds checking.

Specifically, when SS is set to 0xFFFF and ESP to 0xFFFF, the calculated offset can reach 0x10FFEF, which exceeds the buffer size by 65,519 bytes. This allows the IRET frame push operation to write beyond the end of the buffer into the hypervisor heap, potentially corrupting memory.

