PT-2026-55942 · Openvpn · Openvpn

Published

2026-07-06

·

Updated

2026-07-14

·

CVE-2026-13122

CVSS v4.0

5.9

Medium

VectorAV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.6.0 through 2.6.20 OpenVPN versions 2.7 alpha1 through 2.7.4
Description A remote attacker can cause a denial of service when the external-auth feature is enabled. This occurs by sending a malformed authentication token that triggers a reachable assertion, leading to a system crash.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13122
USN-8540-1

Affected Products

Openvpn