CVE Tools

openvpn

Networking InfrastructureUSoss-project

30

Cumulative CVEs

13

Monthly snapshots

#25

Peak rank

Top products

openvpn2 ovpn-dco-win1

Latest CVEs

The 15 most recently published vulnerabilities affecting openvpn.

CVE-2026-35058Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and ...7.7Jun 8, 2026
CVE-2026-9560Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel7.8May 26, 2026
CVE-2025-13086Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not init...7.5Dec 3, 2025
CVE-2025-13751Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing ...5.5Dec 3, 2025
CVE-2025-12106Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses9.1Dec 1, 2025
CVE-2025-50055Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endp...6.4Oct 27, 2025
CVE-2025-10680OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use8.8Oct 24, 2025
CVE-2025-50054Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting...5.5Jun 20, 2025
CVE-2025-3908The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and perm...6.2May 19, 2025
CVE-2024-4877OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its pri...8.8Apr 3, 2025
CVE-2025-2704OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase7.5Apr 2, 2025
CVE-2024-13454Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 35.3Jan 20, 2025
CVE-2024-5198OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a sy...3.3Jan 15, 2025
CVE-2024-8474OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN tr...7.5Jan 6, 2025
CVE-2024-5594OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.9.1Jan 6, 2025