PT-2026-36645 · Debian+2 · Openvpn
Published
2026-04-23
·
Updated
2026-05-20
·
CVE-2026-40215
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter
discovered that OpenVPN incorrectly handled suitably malformed
packets with valid tls-crypt-v2 keys. An attacker could possibly use
this issue to cause OpenVPN to crash, resulting in a denial of
service. (CVE-2026-35058)
Guannan Wang, Zhanpeng Liu, and Guancheng Li discovered that
OpenVPN had a race condition in the TLS handshake process that could
leak packet data from a previous handshake under certain
circumstances. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2026-40215)
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openvpn