CVE-2026-5367

Description

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.

CVSS v3.1 Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS — Exploit Prediction

0.0002

Probability of exploitation

0.07%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-130 CWE-130

References

Other References

https://access.redhat.com/errata/RHSA-2026:11694 https://access.redhat.com/errata/RHSA-2026:11695 https://access.redhat.com/errata/RHSA-2026:11696 https://access.redhat.com/errata/RHSA-2026:11698 https://access.redhat.com/errata/RHSA-2026:11700 https://access.redhat.com/errata/RHSA-2026:11701 https://access.redhat.com/errata/RHSA-2026:11702 https://access.redhat.com/security/cve/CVE-2026-5367 https://bugzilla.redhat.com/show_bug.cgi?id=2455863 http://www.openwall.com/lists/oss-security/2026/04/20/3

Frequently Asked Questions

What is CVE-2026-5367? +

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port. It has a CVSS v3.1 base score of 8.6 (HIGH).

How severe is CVE-2026-5367? +

CVE-2026-5367 has a CVSS v3.1 score of 8.6 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching. The EPSS score is 0.0002, placing it in the 0th percentile for exploitation probability.

How do I check if I'm vulnerable to CVE-2026-5367? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-9054

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger …

CVE-2026-3868

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation …

CVE-2026-41898 9.8

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, …

CVE-2024-37305 8.2

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and …

CVE-2026-35547 8.1

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation …

CVE-2024-38010 8.0

Secure Boot Security Feature Bypass Vulnerability