CVE-2026-2810: Out-of-Bounds Read in Netskope Client

The core impact of CVE-2026-2810 is a denial-of-service (DoS) condition. An attacker who can successfully exploit this vulnerability can trigger a BSOD, effectively crashing the local machine and disrupting its operations. The vulnerability requires the Endpoint DLP module to be enabled within the Netskope Client configuration, limiting the attack surface to systems where this feature is active. While the vulnerability doesn't directly lead to data exfiltration or remote code execution, the resulting DoS can be disruptive and potentially allow an attacker to mask other malicious activities. The blast radius is limited to the individual machine experiencing the BSOD; however, in environments with many Netskope clients, the cumulative impact could be significant.

1. Published2026-04-29
2. EPSS updated2026-05-07

The primary mitigation for CVE-2026-2810 is to upgrade the Netskope Client Endpoint DLP Driver to a version containing the fix (129.1.8, 132.0.23, 135.1.0, or 136.1). If immediate upgrading is not possible due to compatibility issues or testing requirements, consider temporarily disabling the Endpoint DLP module within the Netskope Client configuration. This will reduce the attack surface, but also disable the DLP functionality. There are no known WAF or proxy rules that can directly mitigate this driver-level vulnerability. Monitor system logs for BSOD events and correlate them with Netskope Client activity to identify potential exploitation attempts. Sigma/YARA rules for detecting BSOD triggers related to driver errors could be developed, but require further analysis of the BSOD dump files.