CVE-2026-5367 · HIGH 8.6 · EPSS p54.0%

Description

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.87% probability of exploitation · percentile 54.0% · 2026-06-19T12:03:05Z
Published: 2026-04-24
Last modified: 2026-06-01

Underlying weaknesses · 1

CWE-130

References

  1. https://access.redhat.com/errata/RHSA-2026:11694
  2. https://access.redhat.com/errata/RHSA-2026:11695
  3. https://access.redhat.com/errata/RHSA-2026:11696
  4. https://access.redhat.com/errata/RHSA-2026:11698
  5. https://access.redhat.com/errata/RHSA-2026:11700
  6. https://access.redhat.com/errata/RHSA-2026:11701
  7. https://access.redhat.com/errata/RHSA-2026:11702
  8. https://access.redhat.com/security/cve/CVE-2026-5367

Type | Target | Confidence | Tier
Weakness | Improper Handling of Length Parameter Inconsistency (cwe-130) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-5265
  2. CVE-2025-0650
  3. CVE-2026-4892
  4. CVE-2025-64656
  5. CVE-2026-0028
  6. CVE-2026-35547

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.