CVE-2026-5367
Published:April 24, 2026
Updated:April 26, 2026
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
Affected Packages
https://github.com/ovn-org/ovn.git (GITHUB):
Affected version(s) =v26.03.0 <v26.03.1Fix Suggestion:
Update to version v26.03.1https://github.com/ovn-org/ovn.git (GITHUB):
Affected version(s) >=v25.09.0 <v25.09.3Fix Suggestion:
Update to version v25.09.3https://github.com/ovn-org/ovn.git (GITHUB):
Affected version(s) >=v20.03.0 <v24.03.8Fix Suggestion:
Update to version v24.03.8https://github.com/ovn-org/ovn.git (GITHUB):
Affected version(s) >=v25.03.0 <v25.03.3Fix Suggestion:
Update to version v25.03.3Related ResourcesĀ (4)
Do you need more information?
Contact UsCVSS v4
Base Score:
9.2
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Improper Handling of Length Parameter Inconsistency
