CVE-2026-36499
Awaiting Analysis
Missing Upper-Bound Check in Open vSwitch: DoS via Thread Exhaustion

Publication date: 2026-06-04

Last updated on: 2026-06-06

Assigner: MITRE

Description
A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion.
Meta Information
Published: 2026-06-04
Last Modified: 2026-06-06
Generated: 2026-06-25
AI Q&A: 2026-06-04
EPSS Evaluated: 2026-06-24
Affected Vendors & Products

| Vendor | Product | Version / Range |
| --- | --- | --- |
| open_vswitch | open_vswitch | 3.6.90 |
| open_vswitch | open_vswitch | From 3.6.90 (inc) |

| CWE ID | Description |
| --- | --- |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |

Executive Summary

CVE-2026-36499 is a configuration bug in Open vSwitch version 3.6.90 where the function udpif_set_threads() does not enforce an upper limit on the number of handler or revalidation threads that can be requested.

An attacker with OVSDB write access can exploit this by setting an arbitrarily large number of threads, causing the Open vSwitch daemon to attempt to create too many threads.

This leads to resource exhaustion and causes the OVS daemon to crash, resulting in a denial of service (DoS).

Detection Guidance

This vulnerability can be detected by checking the value set for the `n-revalidator-threads` parameter in the Open vSwitch `other_config` map. An unusually large integer value indicates exploitation or risk of exploitation.

Additionally, system logs may show errors such as "Too many open files" caused by the OVS daemon attempting to create an excessive number of threads.

Commands to detect this include querying the Open vSwitch configuration for the `n-revalidator-threads` parameter, for example:

  • ovs-vsctl get Open_vSwitch . other_config:n-revalidator-threads

Monitoring system logs for OVS daemon crashes or resource exhaustion errors can also help detect this issue.
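
The configuration check above can be scripted. The following is an added example, not code from this page or from the Open vSwitch project. It assumes a site ceiling of 64 threads (`MAX_THREADS`, a local policy value, not an Open vSwitch limit) and also checks `n-handler-threads`, the `other_config` key for the handler threads named in the description.

```shell
#!/bin/sh
# Added example: audit OVS thread-count settings against a local ceiling.
# MAX_THREADS is an assumed site policy value, not a limit defined by Open vSwitch.
MAX_THREADS="${MAX_THREADS:-64}"

# classify_threads RAW -> prints one of: unset | ok | excessive | invalid
# RAW is the output of `ovs-vsctl get`, which wraps map values in double quotes.
classify_threads() {
    v=$(printf '%s' "$1" | tr -d '" \t\r\n')
    if [ -z "$v" ]; then echo unset; return 0; fi
    case "$v" in
        *[!0-9]*) echo invalid; return 0 ;;   # negative or non-numeric value
    esac
    v=$(printf '%s' "$v" | sed 's/^0*//')     # drop leading zeros
    if [ -z "$v" ]; then v=0; fi
    # Compare digit counts first: a value with more digits than the ceiling is
    # larger, and never reaches shell integer arithmetic where it could overflow.
    if [ "${#v}" -gt "${#MAX_THREADS}" ]; then echo excessive; return 0; fi
    if [ "$v" -gt "$MAX_THREADS" ]; then echo excessive; else echo ok; fi
}

# audit_ovs_threads: query the local switch and report both thread settings.
# Returns 1 if any value is excessive or invalid.
audit_ovs_threads() {
    rc=0
    for key in n-revalidator-threads n-handler-threads; do
        # --if-exists prints a blank line instead of failing when the key is absent.
        raw=$(ovs-vsctl --if-exists get Open_vSwitch . "other_config:$key" 2>/dev/null || true)
        state=$(classify_threads "$raw")
        echo "$key value=${raw:-<none>} state=$state"
        case "$state" in
            excessive|invalid) rc=1 ;;
        esac
    done
    return "$rc"
}

# Run the audit only on hosts where ovs-vsctl is installed.
if command -v ovs-vsctl >/dev/null 2>&1; then
    audit_ovs_threads || echo "WARNING: review other_config thread settings" >&2
fi
```
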

Mitigation Strategies

To mitigate this vulnerability, immediately enforce a reasonable upper limit on the number of threads that can be set for the `n-revalidator-threads` parameter in Open vSwitch.

Restrict OVSDB write access to trusted users only, preventing attackers from setting excessively large thread counts.

If possible, update or patch Open vSwitch to a version where this upper bound check is implemented in the `udpif_set_threads()` function.

Monitor the OVS daemon for crashes or resource exhaustion symptoms and restart the service if necessary.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can cause a denial of service (DoS) by crashing the Open vSwitch daemon through resource exhaustion.

If an attacker gains OVSDB write access, they can exploit this bug to disrupt network operations managed by Open vSwitch, potentially causing network outages or degraded performance.
