
29 matches found

RedhatCVE
added 2026/06/13 8:33 a.m. | 12 views

CVE-2026-35058

A flaw was found in OpenVPN. This vulnerability, caused by improper validation of packet length during tls-crypt-v2 key extraction, allows an authenticated attacker to send a specially crafted packet. Successful exploitation can trigger a fatal assertion, leading to a denial of service (DoS)...

6.9 CVSS | 5.1 AI score | 0.00427 EPSS
Exploits 0 | References 2

OSV
added 2026/06/12 12:25 p.m. | 5 views

OESA-2026-2626 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9 CVSS | 5.3 AI score | 0.00481 EPSS
Exploits 0 | References 3

OSV
added 2026/06/12 12:25 p.m. | 6 views

OESA-2026-2623 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9 CVSS | 5.4 AI score | 0.00481 EPSS
Exploits 0 | References 3

SUSE CVE
added 2026/06/10 2:28 a.m. | 7 views

SUSE CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9 CVSS | 5.4 AI score | 0.00427 EPSS
Exploits 0 | References 3

NVD
added 2026/06/08 8:17 p.m. | 10 views

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9 CVSS | 0.00427 EPSS
Exploits 0 | References 4

EUVD
added 2026/06/08 7:29 p.m. | 11 views

EUVD-2026-35197

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9 CVSS | 5.4 AI score | 0.00427 EPSS
Exploits 0 | References 3

CVE
added 2026/06/08 7:29 p.m. | 24 views

CVE-2026-35058

Summary of CVE-2026-35058 / CVE-2026-40215 (OpenVPN) OpenVPN versions affected: 2.6.0–2.6.19 and 2.7_alpha1–2.7.1. The issue in tls-crypt-v2 key extraction stems from improper validation of packet length, which can trigger a fatal assertion and cause a denial of service when processing a speciall...

6.9 CVSS | 5.4 AI score | 0.00427 EPSS
Exploits 0 | References 4

AlpineLinux
added 2026/06/08 7:29 p.m. | 1 view

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9 CVSS | 5.4 AI score | 0.00427 EPSS
Exploits 0

OSV
added 2026/05/10 2:43 a.m. | 1 view

MGASA-2026-0126 Updated openvpn packages fix security vulnerabilities

CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key
CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...

6.9 CVSS | 5.8 AI score | 0.00481 EPSS
Exploits 0 | References 5

Talos
added 2026/04/27 12:0 a.m. | 8 views

OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability

Talos Vulnerability Report TALOS-2026-2381: OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability. April 27, 2026. CVE Number: CVE-2026-35058. Summary: A reachable assertion vulnerability exists in the TLS Crypt v2 Client Key Extraction functionality of OpenVPN 2.6.x and 2.8git. A...

7.5 CVSS | 6.9 AI score | 0.00739 EPSS
Exploits 0

Positive Technologies
added 2026/04/23 12:0 a.m. | 4 views

PT-2026-36645

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.6.0 through 2.6.19; OpenVPN versions 2.7 alpha1 through 2.7.1. Description: A race condition occurs during the TLS handshake, specifically during TLS session promotion. This issue can be triggered by remote attackers, potential...

6.9 CVSS | 5.5 AI score | 0.00481 EPSS
Exploits 0 | References 29

OSV
added 2026/04/23 12:0 a.m. | 1 view

UBUNTU-CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

6.9 CVSS | 5.2 AI score | 0.00427 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/04/20 12:0 a.m. | 7 views

PT-2026-36643

Name of the Vulnerable Software and Affected Versions: OpenVPN (affected versions not specified). Description: An issue exists in the tls crypt v2 extract client key function where an uncontrolled assertion is reachable. A remote attacker can trigger a denial of service by sending a suitably malformed...

6.9 CVSS | 5.7 AI score | 0.00481 EPSS
Exploits 0 | References 33

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-9571

Malicious code in bioql PyPI...

7.5 CVSS | 6.3 AI score | 0.00739 EPSS
Exploits 0 | References 3

SUSE Linux
added 2025/06/06 10:5 a.m. | 2 views

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6 CVSS | 7.4 AI score | 0.00739 EPSS
Exploits 0 | References 4

OSV
added 2025/06/06 10:5 a.m. | 3 views

SUSE-SU-2025:01508-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392...

7.5 CVSS | 6.7 AI score | 0.00739 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2025/05/13 12:0 a.m. | 5 views

Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2025-967)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-967 advisory. OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

7.5 CVSS | 6.5 AI score | 0.00739 EPSS
Exploits 0 | References 4

SUSE Linux
added 2025/05/07 2:2 p.m. | 1 view

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6 CVSS | 6 AI score | 0.00739 EPSS
Exploits 0 | References 4

SUSE CVE
added 2025/04/04 3:0 a.m. | 4 views

SUSE CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

5.9 CVSS | 6.9 AI score | 0.00739 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2025/04/04 12:0 a.m. | 25 views

OpenVPN Server versions 2.6.1 <= 2.6.13 DoS

OpenVPN from 2.6.1 through 2.6.13, set up with tls-crypt-v2, is affected by a denial of service vulnerability. A local attacker who can monitor network traffic can inject specially crafted packets during the tls-crypt-v2 handshake and corrupt the server...

7.5 CVSS | 6.3 AI score | 0.00739 EPSS
Exploits 0 | References 3