CVE-2026-5367

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.6 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N                                    

Vulnerability Description

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.

Vulnerability Details

Published Date

April 24, 2026

Last Modified

April 24, 2026

CWE ID

CWE-130

Source

NVD

External References

https://access.redhat.com/security/cve/CVE-2026-5367
https://bugzilla.redhat.com/show_bug.cgi?id=2455863
http://www.openwall.com/lists/oss-security/2026/04/20/3
http://www.openwall.com/lists/oss-security/2026/04/20/5

CVE-2026-5367

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment