{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-2810","assignerOrgId":"bf992f6a-e49d-4e94-9479-c4cff32c62bc","state":"PUBLISHED","assignerShortName":"Netskope","dateReserved":"2026-02-19T15:53:21.190Z","datePublished":"2026-04-29T15:23:11.592Z","dateUpdated":"2026-04-29T16:19:01.503Z"},"containers":{"cna":{"providerMetadata":{"orgId":"bf992f6a-e49d-4e94-9479-c4cff32c62bc","shortName":"Netskope","dateUpdated":"2026-04-29T15:23:11.592Z"},"title":"Endpoint DLP Driver Out-of-Bounds Read","datePublic":"2026-04-29T15:30:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-125","description":"CWE-125 Out-of-bounds read","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-540","descriptions":[{"lang":"en","value":"CAPEC-540 Overread Buffers"}]}],"affected":[{"vendor":"Netskope","product":"Client","platforms":["Windows"],"versions":[{"status":"affected","version":"0","lessThan":"129.1.8,132.0.23,135.1.0,136.1","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an out-of-bounds read within a driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine.","supportingMedia":[{"type":"text/html","base64":false,"value":"Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an out-of-bounds read within a driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine."}]}],"references":[{"url":"https://www.netskope.com/resources/netskope-resources/netskope-security-advisory-nskpsa-2026-002","tags":["vendor-advisory"]},{"url":"https://support.netskope.com/s/article/Netskope-Security-Advisory-NSKPSA-2026-002-Netskope-Endpoint-DLP-Driver-Security-Advisory","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"MEDIUM","baseScore":6.8,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"}}],"configurations":[{"lang":"en","value":"The Endpoint DLP module must be enabled in the client configuration.","supportingMedia":[{"type":"text/html","base64":false,"value":"The Endpoint DLP module must be enabled in the client configuration."}]}],"workarounds":[{"lang":"en","value":"There are no direct workarounds. Some AV and EDR solutions may be able to detect behaviors associated with exploiting this vulnerability.","supportingMedia":[{"type":"text/html","base64":false,"value":"There are no direct workarounds. Some AV and EDR solutions may be able to detect behaviors associated with exploiting this vulnerability."}]}],"credits":[{"lang":"en","value":"Tom Brice","type":"reporter"}],"source":{"advisory":"NSKPSA-2026-002","discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-29T16:18:54.478070Z","id":"CVE-2026-2810","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-29T16:19:01.503Z"}}]}}