CVE-2026-10047

216.73.217.22

· Published 02/06/2026 16:16 · Modified 02/06/2026 17:14

Labels: CVE-2026-10047 2026-06-02 CVE-2026-10047 CWE-787 [email protected]

Essential information

Published: 02/06/2026 16:16
Modified: 02/06/2026 17:14
Author: —
Creator: —
CVSS: 8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
bitdefender / napoca	`cpe:2.3:a:bitdefender:napoca::::::::`