PT-2026-33836 · Ovn · Ovn

Published 2026-04-20 · Updated 2026-06-01 · CVE-2026-5367

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OVN (affected versions not specified)

Description

A flaw in OVN (Open Virtual Network) allows a remote attacker to cause the ovn-controller to perform an out-of-bounds read by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length. This heap over-read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port via DHCPv6 and ICMP responses.

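The class of check that prevents this kind of over-read, shown as an added example (not OVN's code and not taken from any fix): a DHCPv6 option walker that rejects a Client ID whose declared length exceeds the bytes actually received. The function name, return codes and sample packets are hypothetical; the header layout and option codes follow RFC 8415.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DHCPV6_HDR_LEN      4   /* msg-type (1) + transaction-id (3), RFC 8415 */
#define DHCPV6_OPT_HDR_LEN  4   /* option-code (2) + option-len (2) */
#define DHCPV6_MSG_SOLICIT  1
#define DHCPV6_OPT_CLIENTID 1

enum { CID_OK = 0, CID_ABSENT = 1, CID_REJECT = -1 };

/* Hypothetical helper: locate the Client ID option in a SOLICIT message,
 * rejecting any option whose declared length runs past the received bytes. */
int find_client_id(const uint8_t *pkt, size_t len,
                   const uint8_t **duid, size_t *duid_len)
{
    if (len < DHCPV6_HDR_LEN || pkt[0] != DHCPV6_MSG_SOLICIT)
        return CID_REJECT;                   /* too short or not a SOLICIT */
    size_t off = DHCPV6_HDR_LEN;
    while (off < len) {
        if (len - off < DHCPV6_OPT_HDR_LEN)
            return CID_REJECT;               /* truncated option header */
        uint16_t code = (uint16_t)(pkt[off] << 8 | pkt[off + 1]);
        uint16_t olen = (uint16_t)(pkt[off + 2] << 8 | pkt[off + 3]);
        off += DHCPV6_OPT_HDR_LEN;
        if (olen > len - off)
            return CID_REJECT;               /* inflated length: would over-read */
        if (code == DHCPV6_OPT_CLIENTID) {
            *duid = pkt + off;
            *duid_len = olen;
            return CID_OK;
        }
        off += olen;
    }
    return CID_ABSENT;
}

/* Constructed samples: a SOLICIT with a 4-byte DUID, and the same bytes
 * with option-len inflated to 0x0100 while only 4 data bytes follow. */
static const uint8_t good_pkt[] = {1, 0xaa,0xbb,0xcc, 0,1, 0,4, 1,2,3,4};
static const uint8_t bad_pkt[]  = {1, 0xaa,0xbb,0xcc, 0,1, 1,0, 1,2,3,4};

int main(void)
{
    const uint8_t *d; size_t n;
    printf("good=%d\n", find_client_id(good_pkt, sizeof good_pkt, &d, &n));
    printf("bad=%d\n",  find_client_id(bad_pkt,  sizeof bad_pkt,  &d, &n));
    return 0;
}
```

The comparison is written as `olen > len - off` rather than `off + olen > len` so the bound is always checked against the bytes remaining in the received buffer.
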
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2026-5367
RHSA-2026:11694
RHSA-2026:11695
RHSA-2026:11696
RHSA-2026:11698
RHSA-2026:11700
RHSA-2026:11701
RHSA-2026:11702

Affected Products

Ovn