Description
A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion.
Published: 2026-06-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads, leading to resource exhaustion and a denial of service. The vulnerability is a clear example of a resource exhaustion flaw where an unverified input value directly controls system resource allocation. The resulting denial of service can render the Open vSwitch instance unresponsive, affecting network traffic handling.

Affected Systems

The vulnerability affects Open vSwitch version 3.6.90. No other versions or vendor products are listed.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity; the EPSS score is unavailable, but the exploit is feasible if the attacker has OVSDB write permissions. Because any principal with OVSDB write access can trigger the flaw, the risk is moderate to high in environments where that access is not tightly controlled. The issue is not listed in CISA’s KEV catalog, and no active public exploit is reported; however, the lack of an upper bound can cause a local or remote denial of service depending on how the OVSDB interface is exposed.

Generated by OpenCVE AI on June 4, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an official security patch or upgrade Open vSwitch to a version where this bug is fixed.
  • Restrict OVSDB write permissions to a minimal set of trusted administrators to prevent malicious thread-creation requests.
  • Enable monitoring of OVSDB logs for abnormal thread-creation patterns and set alerts for sudden increases in related metrics.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:15:00 +0000

Changes (Type / Values Removed / Values Added):
  Title: Open vSwitch Thread Allocation Exploit Causing Denial of Service -> openvswitch: Open vSwitch: Denial of service via resource exhaustion due to missing upper-bound check
  References: (values not shown)
  Metrics: threat_severity None -> Moderate

Sun, 07 Jun 2026 01:00:00 +0000

Changes (Type / Values Removed / Values Added):
  References: (values not shown)

Fri, 05 Jun 2026 10:45:00 +0000

Changes (Type / Values Removed / Values Added):
  First Time appeared: Redhat; Redhat openvswitch
  Vendors & Products: Redhat; Redhat openvswitch

Thu, 04 Jun 2026 23:15:00 +0000

Changes (Type / Values Removed / Values Added):
  Title: Open vSwitch Thread Allocation Exploit Causing Denial of Service

Thu, 04 Jun 2026 21:15:00 +0000

Changes (Type / Values Removed / Values Added):
  Title: Open vSwitch Resource Exhaustion via Missing Thread Bound Check
  Weaknesses: CWE-399

Thu, 04 Jun 2026 19:45:00 +0000

Changes (Type / Values Removed / Values Added):
  Title: Open vSwitch Resource Exhaustion via Missing Thread Bound Check
  Weaknesses: CWE-399

Thu, 04 Jun 2026 19:30:00 +0000

Changes (Type / Values Removed / Values Added):
  Weaknesses: CWE-770
  Metrics: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 18:30:00 +0000

Changes (Type / Values Removed / Values Added):
  Description: A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion.
  References: (values not shown)

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-06T19:34:00.960Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36499

Vulnrichment

Updated: 2026-06-04T18:39:16.014Z

NVD

Status: Awaiting Analysis

Published: 2026-06-04T19:16:28.563

Modified: 2026-06-06T20:16:36.233

Link: CVE-2026-36499

Redhat

Severity: Moderate

Public Date: 2026-06-04T00:00:00Z

Links: CVE-2026-36499 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-05T10:10:59Z

Weaknesses
  • CWE-770: Allocation of Resources Without Limits or Throttling