CVE-2026-5367
highCVSS v3 Base Score
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 93% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
None
Availability
None
Published: April 13, 2026 (88 days ago)
Last Modified: April 13, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
CWE
CWE-130Affected Products
Fast Datapath for RHEL 10Fast Datapath for RHEL 8Fast Datapath for RHEL 9Red Hat OpenShift Container Platform 4Fast Datapath for Red Hat Enterprise Linux 8Fast Datapath for Red Hat Enterprise Linux 9