Openvpn: community verdicts
4 notable / known-exploited Openvpn CVEs the community has triaged.
- CVE-2023-46850CRIT 9.8Real · low riskEPSS 2%
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
- CVE-2026-13698HIGH 7.5Real · low riskEPSS 1%
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service
- CVE-2026-13122MED 5.3EPSS 0%
OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled
- CVE-2025-3110HIGH 7.5Real · low riskEPSS 0%
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy