CVE-2026-36499

MEDIUM

Open vSwitch v3.6.90 - Denial of Service via Excessive Thread Allocation in udpif_set_threads()

Title source: llm

Description

A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion.

References (2)

Core 2

Core References

http://open.com

https://github.com/majdlatah/OVS-Other-Config-Bug

View Writeup ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0024

EPSS Percentile 14.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-770

Status published

Published Jun 04, 2026

Tracked Since Jun 05, 2026