PT-2026-43371 · Openvpn · Openvpn Connect

Ismael Esquilichi

Published

2026-05-26

Updated

2026-06-15

CVE-2026-9560

CVSS v4.0

9.4

Critical

Vector

AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions OpenVPN Connect versions 3.5.1 through 3.8.1

Description A privilege escalation issue exists in the background service of OpenVPN Connect on macOS. This allows attackers to execute arbitrary commands with elevated privileges by utilizing a local IPC (Inter-Process Communication) channel, which is a mechanism that allows different processes to communicate with each other on the same operating system.

Fix

LPE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-648CWE-267CWE-78CWE-270

Related Identifiers

CVE-2026-9560

Affected Products

Openvpn Connect

PT-2026-43371 · Openvpn · Openvpn Connect

CVE-2026-9560

Weakness Enumeration

Related Identifiers

Affected Products

References · 13