CVE-2026-5265 — When generating an ICMP Destination Unreachable or Packet

/MEDIUM /CVSS 6.5/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycwe-130
CVE-2026-5265 — When generating an ICMP Destination Unreachable or Packet

CVE-2026-5265 — When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual

What This Means For You

  • If your environment is affected by CWE-130, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-5265 updates and patches.
🛡️ Am I exposed to this? Get detection rules for CVE-2026-5265 — Splunk, Sentinel, Elastic, QRadar & more

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1040 Network Sniffing Collection T1590.006 Hardware Add Reconnaissance

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-5265 - Malformed ICMP Packet Triggering Heap Read

Sigma YAML — free preview 
title: CVE-2026-5265 - Malformed ICMP Packet Triggering Heap Read
id: scw-2026-04-24-ai-1
status: experimental
level: critical
description: |
  Detects a VM sending a malformed packet to an OVN controller that triggers an ICMP error response. This specific pattern indicates an attempt to exploit CVE-2026-5265 by sending a packet with an inflated IP length field to cause a heap read vulnerability in the ovn-controller when generating ICMP error messages.
author: SCW Feed Engine (AI-generated)
date: 2026-04-24
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-5265/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: firewall
detection:
  selection:
      src_ip|exact: 
          - 'VM_IP_ADDRESS'
      dst_ip|exact: 
          - 'OVN_CONTROLLER_IP'
      action|exact:
          - 'reject'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-5265 vulnerability CVE-2026-5265
CWE-130 weakness CWE-130

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 24, 2026 at 16:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-42095 — bookserver in KDE Arianna before 26.04.1 allows attackers

CVE-2026-42095 — bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL.

vulnerabilityCVEmedium-severitycwe-306
/SCW Vulnerability Desk /MEDIUM /4 /⚑ 2 IOCs /⚙ 2 Sigma

Mythos Unauthorized Access, CISA Nom Withdrawal, New Display Security

SecurityWeek reported on several under-the-radar stories this week, including unauthorized access to Mythos, the withdrawal of Plankey's CISA nomination, and the introduction of a new...

threat-intelvulnerabilitydata-breach
/SCW Vulnerability Desk /MEDIUM /⚑ 2 IOCs

OVN Out-of-Bounds Read Exposes Heap Memory via DHCPv6

CVE-2026-5367 — A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT...

vulnerabilityCVEhigh-severityout-of-bounds-1cwe-130
/SCW Vulnerability Desk /HIGH /8.6 /⚑ 3 IOCs /⚙ 3 Sigma