CVE-2026-36499
Missing Upper-Bound Check in Open vSwitch DoS via Thread Exhaustion
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open_vswitch | open_vswitch | 3.6.90 |
| open_vswitch | open_vswitch | From 3.6.90 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the value set for the `n-revalidator-threads` parameter in the Open vSwitch `other_config` map. An unusually large integer value indicates exploitation or risk of exploitation.
Additionally, system logs may show errors such as "Too many open files" caused by the OVS daemon attempting to create an excessive number of threads.
Commands to detect this include querying the Open vSwitch configuration for the `n-revalidator-threads` parameter, for example:
- `ovs-vsctl get Open_vSwitch . other_config:n-revalidator-threads`
Monitoring system logs for OVS daemon crashes or resource exhaustion errors can also help detect this issue.
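The configuration check described above can be scripted. The following is an added example, not code from this page or from the Open vSwitch project: the helper name `audit_thread_config`, the ceiling of 64 and the sample map are assumptions made for illustration, and `n-handler-threads` is included as the handler-thread counterpart of the key named above.

```shell
#!/bin/sh
# Added example, not Open vSwitch project code.
# MAX_THREADS is a locally chosen policy ceiling (assumption), not an OVS constant.
MAX_THREADS="${MAX_THREADS:-64}"

# audit_thread_config MAP  (hypothetical helper name)
# MAP is text shaped like the output of: ovs-vsctl get Open_vSwitch . other_config
# Prints one line per finding; returns 0 when clean, 1 when any value is suspect.
audit_thread_config() {
    map=$1
    rc=0
    for key in n-handler-threads n-revalidator-threads; do
        # One map entry per line, then capture the value (quotes optional).
        val=$(printf '%s\n' "$map" | tr ',{}' '\n\n\n' |
            sed -n "s/^[[:space:]]*$key=\"\{0,1\}\([^\"[:space:]]*\)\"\{0,1\}[[:space:]]*\$/\1/p" |
            head -n 1)
        [ -n "$val" ] || continue    # key unset: nothing to audit
        case $val in
            *[!0-9]*)
                echo "SUSPECT $key=$val (not a plain non-negative integer)"
                rc=1
                continue ;;
        esac
        # Compare digit counts first so an arbitrarily large value cannot
        # overflow the shell's integer comparison.
        num=$(printf '%s' "$val" | sed 's/^0*//')
        num=${num:-0}
        if [ "${#num}" -gt "${#MAX_THREADS}" ] ||
            { [ "${#num}" -eq "${#MAX_THREADS}" ] && [ "$num" -gt "$MAX_THREADS" ]; }; then
            echo "OVER_LIMIT $key=$val (ceiling $MAX_THREADS)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample map, not captured from a real host.
SAMPLE_MAP='{n-handler-threads="4", n-revalidator-threads="4000000000"}'
audit_thread_config "$SAMPLE_MAP" || true
# Live use: audit_thread_config "$(ovs-vsctl get Open_vSwitch . other_config)"
```

The non-zero return status makes the function usable from a cron job or monitoring check that alerts when a finding is printed.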
Can you explain this vulnerability to me?
CVE-2026-36499 is a configuration bug in Open vSwitch version 3.6.90 where the function `udpif_set_threads()` does not enforce an upper limit on the number of handler or revalidation threads that can be requested.
An attacker with OVSDB write access can exploit this by setting an arbitrarily large number of threads, causing the Open vSwitch daemon to attempt to create too many threads.
This leads to resource exhaustion and causes the OVS daemon to crash, resulting in a denial of service (DoS).
How can this vulnerability impact me?
This vulnerability can cause a denial of service (DoS) by crashing the Open vSwitch daemon through resource exhaustion.
If an attacker gains OVSDB write access, they can exploit this bug to disrupt network operations managed by Open vSwitch, potentially causing network outages or degraded performance.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately enforce a reasonable upper limit on the number of threads that can be set for the `n-revalidator-threads` parameter in Open vSwitch.
Restrict OVSDB write access to trusted users only, preventing attackers from setting excessively large thread counts.
If possible, update or patch Open vSwitch to a version where this upper bound check is implemented in the `udpif_set_threads()` function.
Monitor the OVS daemon for crashes or resource exhaustion symptoms and restart the service if necessary.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.