Out-of-bounds Write Vulnerability in Bitdefender Napoca Hypervisor
CVE-2026-10046

8.5HIGH

Key Information:

Vendor: Bitdefender
Status: Napoca Bare-metal Hypervisor
Vendor: CVE Published:; 2 June 2026

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2026-10046?

The Bitdefender Napoca bare-metal hypervisor features an out-of-bounds write vulnerability in the BIOS INT 0x15 memory map handler. This flaw allows for unauthorized memory access due to the handler computing a destination offset using guest-controlled ES and EDI register values without proper validation. A malicious guest operating in real mode can exploit this by invoking INT 0x15 with specific register values, resulting in a write operation that exceeds the allocated RealModeMemory. This behavior could lead to data corruption or hijacking of memory resources within the hypervisor, posing significant risks to the hypervisor's integrity and stability.

Affected Version(s)

Napoca bare-metal hypervisor all

References

https://www.bitdefender.com/consumer/support/security-adv...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
May 28, 2026

Credit

Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

CVE-2026-10046 Data

JSON