Description
Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an out-of-bounds read within a driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine.
Published: 2026-04-29
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds read in the Netskope Endpoint DLP driver can be triggered by a local unprivileged user when the DLP module is enabled, causing a Blue-Screen-of-Death. The vulnerability is an out-of-bounds read (CWE-125) that does not leak sensitive data but results in a local crash and loss of availability for the affected machine.

Affected Systems

All Windows installations of the Netskope Client that have the Endpoint DLP module enabled are affected. No specific version range has been published, so any release of the client with the DLP module active is potentially vulnerable.

Risk and Exploitability

With a CVSS score of 6.8, this flaw is rated Medium in severity. The attack is local and requires only an unprivileged user targeting the running client; exploitation is therefore straightforward for anyone who operates the machine. Although the EPSS score is unavailable and the vulnerability is not listed in CISA's KEV catalog, a Blue-Screen-of-Death leaves the exploited system unusable until it is rebooted, effectively denying service to any local user.

Generated by OpenCVE AI on April 29, 2026 at 21:21 UTC.

Remediation

Vendor Workaround

There are no direct workarounds. Some AV and EDR solutions may be able to detect behaviors associated with exploiting this vulnerability.


OpenCVE Recommended Actions

  • Consult Netskope for the latest patch or upgrade to the newest client release that addresses the DLP driver flaw
  • Temporarily disable the Endpoint DLP module in the client configuration until a vendor fix is available
  • Deploy or enable AV/EDR solutions that can detect anomalous driver‑level activity to provide early warning of exploitation attempts

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 17:15:00 +0000

Values added:
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 29 Apr 2026 16:15:00 +0000

Values added:
  Description: Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an out-of-bounds read within a driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine.
  Title: Endpoint DLP Driver Out-of-Bounds Read
  Weaknesses: CWE-125
  References:
  Metrics: cvssV4_0 {'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H'}


MITRE

Status: PUBLISHED

Assigner: Netskope

Published:

Updated: 2026-04-29T16:19:01.503Z

Reserved: 2026-02-19T15:53:21.190Z

Link: CVE-2026-2810

Vulnrichment

Updated: 2026-04-29T16:18:58.505Z

NVD

Status: Received

Published: 2026-04-29T16:16:22.600

Modified: 2026-04-29T16:16:22.600

Link: CVE-2026-2810

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T21:30:20Z

Weaknesses