Out-of-Bounds Write Vulnerability in Bitdefender Napoca Hypervisor
CVE-2026-10047

8.5HIGH

Key Information:

Vendor: Bitdefender
Status: Napoca Bare-metal Hypervisor
Vendor: CVE Published:; 2 June 2026

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2026-10047?

The Bitdefender Napoca bare-metal hypervisor is susceptible to an out-of-bounds write vulnerability due to improper bounds validation in the real-mode hook handler. This vulnerability arises from the use of a guest-controlled SS:SP-derived offset, allowing for excessive memory access beyond the intended 1MB RealModeMemory buffer. When specific values are used, the computed offset can write approximately 65,519 bytes past the end of the buffer, impacting the hypervisor heap and potentially leading to unauthorized memory modifications. The product, however, is end-of-life and no longer supported by the vendor.

Affected Version(s)

Napoca bare-metal hypervisor all

References

https://www.bitdefender.com/support/security-advisories/o...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
May 28, 2026

Credit

Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

CVE-2026-10047 Data

JSON