What is the CVSS score of EUVD-2026-25421?

EUVD-2026-25421 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Open Virtual Network (OVN) are affected by EUVD-2026-25421?

CVE-2026-5367 is a heap over-read vulnerability in Open Virtual Network (OVN) DHCPv6 processing that allows remote attackers to extract sensitive memory contents without authentication, posing…. A patch is available.

Open Virtual Network (OVN) EUVD-2026-25421

| CVE-2026-5367 HIGH

Improper Handling of Length Parameter Inconsistency (CWE-130)

2026-04-24

GHSA-r8vj-9qgr-m84x

Information Disclosure

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 29, 2026 - 13:23 vuln.today

cvss_changed

Patch released

Apr 29, 2026 - 02:30 nvd

Patch available

Analysis Generated

Apr 24, 2026 - 15:15 vuln.today

CVSS changed

Apr 24, 2026 - 13:22 NVD

8.6 (HIGH)

EUVD ID Assigned

Apr 24, 2026 - 12:21 euvd

EUVD-2026-25421

Analysis Generated

Apr 24, 2026 - 12:21 vuln.today

CVE Published

Apr 24, 2026 - 12:21 nvd

HIGH 8.6

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Heap over-read in Open Virtual Network (OVN) DHCPv6 client ID processing allows remote unauthenticated attackers to extract sensitive memory contents across network boundaries. The vulnerability affects OVN's DHCPv6 implementation and carries a CVSS score of 8.6 with scope change, enabling cross-tenant information disclosure in multi-tenant virtualized environments. …

RemediationAI

Within 24 hours: Identify all systems running OVN, document current versions, and assess exposure in multi-tenant environments. Within 7 days: Implement network segmentation to restrict DHCPv6 traffic to trusted sources and disable DHCPv6 client functionality where not operationally required; consult OVN vendor (OVS/OVN community) for interim guidance on mitigations. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Vendor StatusVendor

EUVD-2026-25421 vulnerability details – vuln.today

Back

Open Virtual Network (OVN) EUVD-2026-25421

CVSS VectorNVD

Lifecycle Timeline

Description PRE-NVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Vendor StatusVendor

Share

External POC / Exploit Code