CVE-2026-5367

HIGH

OVN: information disclosure via crafted DHCPv6 packets

Title source: cna

Description

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
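The description above is a length-field problem: the Client ID length declared in the packet is trusted over the number of bytes actually received. As an added example (not OVN's code and not its fix), the C sketch below walks DHCPv6 options and rejects any option whose declared length exceeds the remaining packet; the function and sample names are hypothetical, and the message layout and constants follow RFC 8415.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MSG_SOLICIT   1  /* RFC 8415 msg-type */
#define OPT_CLIENTID  1  /* RFC 8415 option-code */
#define MSG_HDR_LEN   4  /* msg-type (1) + transaction-id (3) */
#define OPT_HDR_LEN   4  /* option-code (2) + option-len (2) */

/* Constructed sample: SOLICIT with a 10-byte DUID-LL Client ID. */
static const uint8_t sample_ok[] = {
    0x01, 0xaa, 0xbb, 0xcc,  0x00, 0x01, 0x00, 0x0a,
    0x00, 0x03, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };
/* Constructed sample: same bytes, but option-len claims 256. */
static const uint8_t sample_inflated[] = {
    0x01, 0xaa, 0xbb, 0xcc,  0x00, 0x01, 0x01, 0x00,
    0x00, 0x03, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Locate the Client ID option. msg_len is the number of bytes received.
 * Returns 0 and sets duid and duid_len, or -1 if the message is
 * malformed or carries no Client ID. */
int find_client_id(const uint8_t *msg, size_t msg_len,
                   const uint8_t **duid, size_t *duid_len)
{
    if (msg_len < MSG_HDR_LEN || msg[0] != MSG_SOLICIT) return -1;
    size_t off = MSG_HDR_LEN;
    while (msg_len - off >= OPT_HDR_LEN) {
        uint16_t code = rd16(msg + off);
        size_t len = rd16(msg + off + 2);
        off += OPT_HDR_LEN;
        /* Trust the received size, not the length field in the packet. */
        if (len > msg_len - off) return -1;
        if (code == OPT_CLIENTID) {
            if (len == 0) return -1;
            *duid = msg + off;
            *duid_len = len;
            return 0;
        }
        off += len;
    }
    return -1;
}

int main(void)
{
    const uint8_t *d; size_t n;
    printf("ok=%d\n", find_client_id(sample_ok, sizeof sample_ok, &d, &n));
    printf("inflated=%d\n", find_client_id(sample_inflated, sizeof sample_inflated, &d, &n));
    return 0;
}
```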

References (13)

Core References
Issue Tracking: RHBZ#2455863 https://bugzilla.redhat.com/show_bug.cgi?id=2455863
VDB Entry: https://access.redhat.com/security/cve/CVE-2026-5367
Vendor Advisory: RHSA-2026:11694 https://access.redhat.com/errata/RHSA-2026:11694
Vendor Advisory: RHSA-2026:11695 https://access.redhat.com/errata/RHSA-2026:11695
Vendor Advisory: RHSA-2026:11696 https://access.redhat.com/errata/RHSA-2026:11696
Vendor Advisory: RHSA-2026:11698 https://access.redhat.com/errata/RHSA-2026:11698
Vendor Advisory: RHSA-2026:11700 https://access.redhat.com/errata/RHSA-2026:11700
Vendor Advisory: RHSA-2026:11701 https://access.redhat.com/errata/RHSA-2026:11701
Vendor Advisory: RHSA-2026:11702 https://access.redhat.com/errata/RHSA-2026:11702
Vendor Advisory: RHSA-2026:22110 https://access.redhat.com/errata/RHSA-2026:22110
Vendor Advisory: RHSA-2026:22111 https://access.redhat.com/errata/RHSA-2026:22111

Scores

CVSS v3: 8.6
EPSS: 0.0087
EPSS Percentile: 53.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-130
Status: published
Products (14)
Red Hat/Fast Datapath for Red Hat Enterprise Linux 10 0:25.03.2-100.el10fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 10 0:25.09.2-103.el10fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 8 0:21.12.0-145.el8fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 8 0:23.06.4-30.el8fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:23.06.4-30.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:23.09.6-16.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:24.03.7-82.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:25.03.2-100.el9fdp
Red Hat/Fast Datapath for Red Hat Enterprise Linux 9 0:25.09.2-103.el9fdp
Red Hat/Fast Datapath for RHEL 10
... and 4 more
Published: Apr 24, 2026
Tracked Since: Apr 24, 2026