MEDIUM
Open vSwitch
CVE published 2026-06-04
CVE-2026-36499
CVE-2026-36499 is a medium-severity vulnerability in Open vSwitch. A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion. The vulnerability has a CVSS score of 6.5 and is classified as CWE-770.