Cyber Resilience

CVE-2026-5367

HighUpdated

Published: 24 April 2026

Published
24 April 2026
Modified
30 June 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score 0.0087 54.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-5367 is a high-severity Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability in Redhat (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5367 is a vulnerability in OVN (Open Virtual Network), specifically affecting the ovn-controller component. The flaw stems from improper handling of DHCPv6 SOLICIT packets with an inflated Client ID length (CWE-130), causing ovn-controller to perform an out-of-bounds read beyond the packet boundaries. This exposes sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port. The issue was published on 2026-04-24 and carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

A remote attacker can exploit this vulnerability without authentication or privileges by sending crafted DHCPv6 SOLICIT packets to the ovn-controller. No user interaction is required, and the attack has low complexity due to its network accessibility. Exploitation results in high-impact confidentiality loss, as sensitive heap memory contents are disclosed directly to the attacker's virtual machine port, with changed scope due to the cross-VM information flow.

Red Hat advisories detail mitigations through updated packages in errata RHSA-2026:11694, RHSA-2026:11695, RHSA-2026:11696, RHSA-2026:11698, and RHSA-2026:11700, which security practitioners should apply to vulnerable OVN deployments.

EU & UK References

Vulnerability details

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of…

more

a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables remote exploitation of the ovn-controller network service via crafted DHCPv6 packets, directly mapping to exploitation of a network-accessible application for information disclosure.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41035Shared CWE-130
CVE-2025-14847Shared CWE-130
CVE-2026-3868Shared CWE-130
CVE-2026-41898Shared CWE-130
CVE-2026-33846Shared CWE-130
CVE-2026-35547Shared CWE-130
CVE-2026-31635Shared CWE-130
CVE-2026-22255Shared CWE-130
CVE-2026-22047Shared CWE-130
CVE-2026-22861Shared CWE-130

Affected Assets

Redhat
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of DHCPv6 SOLICIT packet inputs, including Client ID lengths, to prevent out-of-bounds reads in ovn-controller.

prevent

Requires timely remediation of the specific flaw in ovn-controller via patches provided in Red Hat advisories, eliminating the vulnerability.

prevent

Ensures error handling during malformed packet processing does not disclose sensitive heap memory contents in responses to attackers.

References