CVE-2026-36499

MEDIUM NVD

CVSS Score 6.5

Severity MEDIUM

Published Jun 04, 2026

Vendor unknown

Description

A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion.

References

http://open.com
https://github.com/majdlatah/OVS-Other-Config-Bug
https://github.com/majdlatah/OVS-Other-Config-Bug