CVE-2026-39312

Name of the Vulnerable Software and Affected Versions SoftEtherVPN versions 5.2.5188 and earlier

Description SoftEtherVPN is a cross-platform multi-protocol VPN Program. A pre-authentication denial-of-service condition exists. An unauthenticated remote attacker can terminate active VPN sessions by sending a malformed EAP-TLS packet over raw L2TP (UDP/1701), causing the vpnserver process to crash.

Recommendations Update to a version later than 5.2.5188.