By vendor
Bitdefender vulnerabilities
Known CVEs affecting Bitdefender products, prioritized by severity, with SEC.co remediation and detection guidance.
2 published vulnerabilities
- CVE-2026-10046HIGH 7.8
Bitdefender Napoca is a bare-metal hypervisor—a foundational piece of virtualization software that runs directly on hardware. A vulnerability exists in how it handles a legacy BIOS memory lookup request (INT 0x15). When a guest operating system makes this request with specific register values, the hypervisor fails to check whether the destination memory address is valid, allowing data to be written beyond the allocated buffer. An attacker with access to a guest system can exploit this to write data into the hypervisor's internal memory, potentially compromising the entire virtualization layer. Importantly, Napoca is end-of-life and no longer receives vendor support.
- CVE-2026-10047HIGH 7.8
Bitdefender's Napoca bare-metal hypervisor contains a memory safety flaw that allows a local attacker with limited privileges to write data beyond the boundaries of an internal memory buffer. By crafting specific processor register values, an attacker can overflow into the hypervisor's heap memory, potentially corrupting critical hypervisor state or executing arbitrary code. This vulnerability affects an end-of-life product that is no longer receiving security updates.