CVE-2026-2810

CVE-2026-2810 describes a vulnerability in the Endpoint DLP Module of the Netskope Client on Windows systems. The issue allows an unprivileged user to trigger an out-of-bounds read within a kernel driver, leading to a Blue Screen of Death (BSOD) [1]. The root cause is a flaw in how the driver handles certain input from user space.

Exploitation requires the Endpoint DLP module to be enabled in the client configuration. An attacker must have local unprivileged access to the system to trigger the out-of-bounds read, which then causes the system to crash [1]. No network access or additional privileges are needed.

Successful exploitation results in a denial-of-service (DoS) condition, crashing the Windows machine and requiring a reboot. The impact is limited to local system availability; there is no evidence of data breach or privilege escalation [1].

Netskope has released patches: R136.1 and above, with backports to R129.1.8, R132.0.23, and R135.1.0 [1]. No workarounds are available. The vulnerability was reported by Tom Brice, and Netskope is not aware of any active exploitation.