Description
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.
Affected Product(s) and Version(s)
* Product Name: Netskope Client
* Affected Platform: Windows
* Affected Version: All versions below R138
Published: 2026-06-17
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Netskope Client for Windows exposes an IOCTL interface that lacks sufficient access controls. An attacker with local administrative privileges can send specially crafted IOCTL requests to the driver, allowing them to tamper with the client application. This tampering bypasses all anti‑tampering protections built into the NSClient, effectively allowing the attacker to modify or manipulate the client’s operation, potentially compromising data integrity or availability.

Affected Systems

The vulnerability affects the Netskope Client for Windows. All installations running a version earlier than R138 are impacted. Versions R138 and above, as well as R135 (135.1.19.2670+) and R132 (132.0.27.2671+), include the official patch to mitigate the risk.

Risk and Exploitability

The CVSS score of 6.8 indicates a moderate severity vulnerability, and the EPSS score of less than 1% denotes a very low likelihood of exploitation in the wild. The use of this vulnerability requires local administrative rights, so it is primarily an insider threat scenario. It is not listed in the CISA KEV catalog, further reflecting the limited exploitation probability.

Generated by OpenCVE AI on June 17, 2026 at 17:56 UTC.

Remediation

Vendor Solution

Use any of the following versions of Netskope Client:
* R138 and above
* R135 (135.1.19.2670 and above)
* R132 (132.0.27.2671 and above)
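The fixed-version rule above has two backport branches, so a plain "major version >= 138" check misclassifies patched R135 and R132 builds. The following is an added example, not code from Netskope or OpenCVE, that triages an endpoint inventory against that rule; it assumes the client reports a four-part dotted version whose first field is the release number (R138 is 138), and the hostnames and sample versions are constructed.

```python
import re

# Fixed-build floors from the advisory. Assumption: versions are four-part
# dotted strings and the first field is the release number (R135 -> 135).
FIRST_FIXED_RELEASE = 138
BACKPORT_FLOORS = {
    135: (135, 1, 19, 2670),
    132: (132, 0, 27, 2671),
}
_VERSION_RE = re.compile(r"^\s*[Rr]?(\d+)((?:\.\d+){0,3})\s*$")


def parse_version(text):
    """Turn '135.1.19.2670' or 'R138' into a 4-tuple; missing fields become 0."""
    match = _VERSION_RE.match(text or "")
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(match.group(1))]
    parts += [int(p) for p in match.group(2).split(".") if p]
    parts += [0] * (4 - len(parts))  # a truncated version sorts below any floor
    return tuple(parts)


def is_patched(text):
    """True if the version is R138+ or at/above the R135 or R132 fixed build."""
    version = parse_version(text)
    if version[0] >= FIRST_FIXED_RELEASE:
        return True
    floor = BACKPORT_FLOORS.get(version[0])
    return floor is not None and version >= floor


def triage(inventory):
    """Map each host to 'patched', 'vulnerable' or 'unknown' (unparseable)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "patched" if is_patched(version) else "vulnerable"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hostnames and builds are illustrative only).
SAMPLE = {"ws-001": "138.0.0.2100", "ws-002": "135.1.19.2669",
          "ws-003": "132.0.27.2671", "ws-004": "137.2.0.2500", "ws-005": None}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{SAMPLE[host]}\t{status}")
```

Hosts reported as unknown have no parseable client version and need a manual check before they are counted as remediated.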


Vendor Workaround

No workaround available


OpenCVE Recommended Actions

  • Apply a Netskope Client update to at least version R138 or to one of the higher releases listed in the vendor advisory.
  • Limit local administrator privileges on Windows endpoints that run Netskope Client, ensuring only trusted personnel can manipulate system drivers.
  • Monitor system logs for abnormal IOCTL requests to the NSClient driver and investigate any suspicious activity promptly.


Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Description Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient. Affected Product(s) and Version(s) * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All versions below R138
Title Netskope Client Exposed IOCTL with Insufficient Access Controls
Weaknesses CWE-782
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Netskope

Published:

Updated: 2026-06-17T14:57:22.093Z

Reserved: 2026-04-22T15:49:43.557Z

Link: CVE-2025-15641

Vulnrichment

Updated: 2026-06-17T14:57:18.624Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T18:00:04Z

Weaknesses
  • CWE-782

    Exposed IOCTL with Insufficient Access Control