CVE-2026-36499
6.5 MEDIUMA missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to req...
Published: 2026-06-04 · Last updated: 2026-06-06
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-770
Description
A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53781 — Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving med... (4.3 MEDIUM)
- CVE-2026-45802 — FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF
- CVE-2026-44488 — Axios is a promise based HTTP client for the browser and Node.js (7.5 HIGH)
- CVE-2026-7250 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19... (7.5 HIGH)
- CVE-2026-53423 — Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane_mp4_plugin allows unauthenticated denial...