CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

CVE-2026-35058

Summary of CVE-2026-35058 / CVE-2026-40215 (OpenVPN) OpenVPN versions affected: 2.6.0–2.6.19 and 2.7_alpha1–2.7.1. The issue in tls-crypt-v2 key extraction stems from improper validation of packet length, which can trigger a fatal assertion and cause a denial of service when processing a speciall...

EUVD-2026-35197

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

MGASA-2026-0126 Updated openvpn packages fix security vulnerabilities

CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...

OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability

Talos Vulnerability Report TALOS-2026-2381 OpenVPN TLS Crypt v2 Client Key Extraction denial of service vulnerability April 27, 2026 CVE Number CVE-2026-35058 SUMMARY A reachable assertion vulnerability exists in the TLS Crypt v2 Client Key Extraction functionality of OpenVPN 2.6.x and 2.8git. A...

UBUNTU-CVE-2026-35058

server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key...

PT-2026-36645

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.6.0 through 2.6.19 OpenVPN versions 2.7 alpha1 through 2.7.1 Description A race condition occurs during the TLS handshake, specifically during TLS session promotion. This issue can be triggered by remote attackers, potential...

PT-2026-36643

Name of the Vulnerable Software and Affected Versions OpenVPN affected versions not specified Description An issue exists in the tls crypt v2 extract client key function where an uncontrolled assertion is reachable. A remote attacker can trigger a denial of service by sending a suitably malformed...

EUVD-2025-9571

Malicious code in bioql PyPI...

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:01508-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392...

Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2025-967)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-967 advisory. OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2025-2704: Fixed remote DoS due to possible ASSERT on OpenVPN servers using --tls-crypt-v2 bsc1240392 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

OpenVPN Server versions 2.6.1 <= 2.6.13 DoS

OpenVPN from 2.6.1 through 2.6.13, setup with tls-crypt-v2. is affected by a denial of service vulnerability. A local attacker who can monitor network traffic, can inject specially crafted packets during the tls-crypt2-v2 handshake and corrupt the server. %NASLMINLEVEL 80900 C Tenable, Inc...

FreeBSD : openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2 (2cad4541-0f5b-11f0-89f8-411aefea0df9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2cad4541-0f5b-11f0-89f8-411aefea0df9 advisory. Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abor...

ALPINE-CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

DEBIAN-CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

CVE-2025-2704

CVE-2025-2704 affects OpenVPN server mode with TLS-crypt-v2, for versions 2.6.1–2.6.13. The vulnerability allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase. Impact is described as Availability loss with a network attack...