Out-of-bounds read in Open Virtual Network - CVE-2026-5367

Published: April 20, 2026


Vulnerability identifier: #VU126562
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-5367
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Open Virtual Network
Affected software: Open Virtual Network

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain sensitive information from process memory.

The vulnerability exists due to an out-of-bounds read in the DHCPv6 Client ID option handling in the ovn-controller pinctrl thread when processing crafted DHCPv6 SOLICIT packets. A remote attacker can send a specially crafted SOLICIT whose Client ID option carries a length field larger than the option data actually present in the packet. The handler trusts that declared length when copying the Client ID, so the copy reads heap memory beyond the end of the received packet.

The copied heap memory is echoed back in the DHCPv6 ADVERTISE reply and delivered to the attacker's VM port, so the attacker only has to send the SOLICIT and read the reply. Only logical switch ports configured with DHCPv6 options are exposed: the attacker needs control of a workload attached to such a port, and ports without OVN-provided DHCPv6 options are not affected.
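The mechanism described above, as an added illustration that is not OVN's code and not the vendor's patch: a minimal DHCPv6 option walker in C that shows the vulnerable pattern (trusting the option-len field) beside the bounds check that prevents it, a triage helper that reports how many bytes past the packet an unchecked copy would read, and an ADVERTISE builder that echoes a Client ID only when it fits inside the received bytes. The two sample packets are constructed, not captured, and the function names (find_option, client_id_overread, build_advertise) are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 8415 constants used below. */
#define DHCPV6_MSG_SOLICIT    1
#define DHCPV6_MSG_ADVERTISE  2
#define DHCPV6_OPT_CLIENTID   1
#define DHCPV6_HDR_LEN        4   /* msg-type (1 byte) + transaction-id (3 bytes) */

/* A located option: the declared length versus the bytes actually present after its header. */
struct dhcpv6_opt {
    uint16_t       code;
    uint16_t       declared_len;  /* option-len field exactly as sent by the client */
    size_t         avail;         /* bytes remaining in the packet after the option header */
    const uint8_t *data;
};

/*
 * Walk the option list and locate option `want`.
 * strict == false reproduces the vulnerable pattern: the declared option-len is
 * accepted as-is, so a reply builder that copies declared_len bytes reads past
 * the end of the received packet.
 * strict == true rejects any option whose declared length runs past the packet.
 * Returns true when the option was found (and, if strict, is well-formed).
 */
static bool find_option(const uint8_t *pkt, size_t pkt_len, uint16_t want,
                        bool strict, struct dhcpv6_opt *out)
{
    if (pkt_len < DHCPV6_HDR_LEN) return false;
    for (size_t off = DHCPV6_HDR_LEN; off + 4 <= pkt_len; ) {
        uint16_t code = (uint16_t)((pkt[off] << 8) | pkt[off + 1]);
        uint16_t len  = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
        size_t avail  = pkt_len - (off + 4);
        if (strict && len > avail) return false;   /* the bounds check the fix needs */
        if (code == want) {
            *out = (struct dhcpv6_opt){ code, len, avail, pkt + off + 4 };
            return true;
        }
        if (len > avail) return false;             /* cannot step over a truncated option */
        off += 4 + len;
    }
    return false;
}

/*
 * Triage helper: how many bytes beyond the received SOLICIT a reply builder that
 * trusts the declared Client ID length would read. 0 means the option is well-formed.
 */
size_t client_id_overread(const uint8_t *pkt, size_t pkt_len)
{
    struct dhcpv6_opt cid;
    if (pkt_len == 0 || pkt[0] != DHCPV6_MSG_SOLICIT) return 0;
    if (!find_option(pkt, pkt_len, DHCPV6_OPT_CLIENTID, false, &cid)) return 0;
    return cid.declared_len > cid.avail ? cid.declared_len - cid.avail : 0;
}

/*
 * Hardened ADVERTISE builder: echoes the Client ID option back to the client but
 * copies only a Client ID that fits inside the received packet.
 * Returns the reply length, or -1 if the SOLICIT is malformed or `reply` is too small.
 */
int build_advertise(const uint8_t *solicit, size_t solicit_len,
                    uint8_t *reply, size_t reply_cap)
{
    struct dhcpv6_opt cid;
    if (solicit_len < DHCPV6_HDR_LEN || solicit[0] != DHCPV6_MSG_SOLICIT) return -1;
    if (!find_option(solicit, solicit_len, DHCPV6_OPT_CLIENTID, true, &cid)) return -1;

    size_t need = DHCPV6_HDR_LEN + 4 + cid.declared_len;
    if (need > reply_cap) return -1;

    reply[0] = DHCPV6_MSG_ADVERTISE;
    memcpy(reply + 1, solicit + 1, 3);                 /* echo the transaction-id */
    reply[4] = (uint8_t)(DHCPV6_OPT_CLIENTID >> 8);
    reply[5] = (uint8_t)(DHCPV6_OPT_CLIENTID & 0xff);
    reply[6] = (uint8_t)(cid.declared_len >> 8);
    reply[7] = (uint8_t)(cid.declared_len & 0xff);
    memcpy(reply + 8, cid.data, cid.declared_len);     /* safe: declared_len <= avail */
    return (int)need;
}

/* Constructed sample packets for this example (not captured traffic). */
static const uint8_t SOLICIT_OK[] = {
    0x01, 0xaa, 0xbb, 0xcc,                                     /* SOLICIT, transaction-id */
    0x00, 0x08, 0x00, 0x02, 0x00, 0x00,                         /* OPTION_ELAPSED_TIME, len 2 */
    0x00, 0x01, 0x00, 0x0a,                                     /* OPTION_CLIENTID, len 10 */
    0x00, 0x03, 0x00, 0x01, 0x52, 0x54, 0x00, 0x12, 0x34, 0x56, /* DUID-LL: type 3, hw 1, MAC */
};
/* Same packet, but the Client ID length field claims 256 bytes while only 10 follow. */
static const uint8_t SOLICIT_CRAFTED[] = {
    0x01, 0xaa, 0xbb, 0xcc,
    0x00, 0x08, 0x00, 0x02, 0x00, 0x00,
    0x00, 0x01, 0x01, 0x00,
    0x00, 0x03, 0x00, 0x01, 0x52, 0x54, 0x00, 0x12, 0x34, 0x56,
};

int main(void)
{
    uint8_t reply[64];
    printf("well-formed SOLICIT: overread=%zu bytes, advertise=%d bytes\n",
           client_id_overread(SOLICIT_OK, sizeof SOLICIT_OK),
           build_advertise(SOLICIT_OK, sizeof SOLICIT_OK, reply, sizeof reply));
    printf("crafted SOLICIT:     overread=%zu bytes, advertise=%d (rejected)\n",
           client_id_overread(SOLICIT_CRAFTED, sizeof SOLICIT_CRAFTED),
           build_advertise(SOLICIT_CRAFTED, sizeof SOLICIT_CRAFTED, reply, sizeof reply));
    return 0;
}
```

The crafted packet is the shape the advisory describes: a valid SOLICIT whose Client ID option-len (256) exceeds the 10 bytes that actually follow it. With the unchecked walk, client_id_overread reports the 246 bytes of adjacent memory that an echoing reply builder would copy into the ADVERTISE; with the strict walk, build_advertise refuses the packet instead. A real server also adds Server ID and IA options to the ADVERTISE; they are omitted here because the Client ID echo is the copy at issue.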


How to mitigate CVE-2026-5367

Install the security update from the vendor. Until the fixed version is deployed, removing DHCPv6 options from logical switch ports that do not need OVN-provided DHCPv6 closes the exposed path, since only ports with DHCPv6 options configured are affected.
