Skip to main content

OpenVPN CVE-2026-13122

| EUVDEUVD-2026-41880 MEDIUM
Reachable Assertion (CWE-617)
5.9
CVSS 4.0 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
5.9 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-reachable DoS via assertion requires low-privilege auth and high-complexity timing; no confidentiality or integrity impact applies.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
5.3 MEDIUM
qualitative

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jul 06, 2026 - 16:50 vuln.today
CVSS changed
Jul 06, 2026 - 16:22 NVD
5.9 (MEDIUM)
CVE Published
Jul 02, 2026 - 10:57 github-releases
MEDIUM 5.9
CVE Published
Jul 02, 2026 - 10:57 github-releases
UNKNOWN (no severity yet)

Description PRE-NVD

Disclosed via GitHub release of openvpn/openvpn. NVD scoring and full description are pending.

AnalysisAI

Denial-of-service in OpenVPN via a reachable assertion (CWE-617) allows a remote, low-privileged attacker to crash the OpenVPN daemon under high-complexity, timing-specific conditions. All OpenVPN deployments running versions prior to v2.7.5 are affected; the fix is available in the v2.7.5 release disclosed pre-NVD via GitHub. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to OpenVPN server with low-privilege credentials
Delivery
Craft timing-specific control channel packet sequence
Exploit
Trigger reachable assertion in daemon code path
Execution
OpenVPN daemon process aborts
Impact
All active VPN tunnels terminated

Vulnerability AssessmentAI

Exploitation The CVSS 4.0 vector specifies PR:L (low privileges required), indicating the attacker must hold some form of authenticated access to the OpenVPN server - unauthenticated exploitation is not supported by the available data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.9 (Medium) appropriately reflects a constrained exploitation path: high attack complexity (AC:H), specific attack preconditions (AT:P), low privileges required (PR:L), passive user interaction (UI:P), and an availability-only impact (VA:H, VC:N, VI:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker with low-level authenticated access to an OpenVPN server crafts a timing-specific sequence of control-channel packets that triggers a reachable assertion in the daemon, causing it to abort and terminating all active VPN sessions. The high attack complexity and specific timing preconditions (AC:H, AT:P) suggest exploitation requires detailed knowledge of the server's packet processing state rather than a simple one-shot payload. …
Remediation Upgrade to OpenVPN v2.7.5 or later, which contains the confirmed fix as published at https://github.com/OpenVPN/openvpn/releases/tag/v2.7.5 and referenced in the vendor security announcement at https://community.openvpn.net/Security%20Announcements/CVE-2026-13122. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2018-7544 CRITICAL POC
9.1 Mar 16

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. Rated critical sev

CVE-2017-7478 HIGH POC
7.5 May 15

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control

CVE-2018-9336 HIGH POC
7.8 May 01

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a do

CVE-2023-46850 CRITICAL
9.8 Nov 11

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execut

CVE-2019-25429 MEDIUM POC
6.1 Feb 19

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malic

CVE-2019-25428 MEDIUM POC
6.1 Feb 19

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoin

CVE-2017-12166 CRITICAL
9.8 Oct 04

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1

CVE-2024-27903 CRITICAL
9.8 Jul 08

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker

CVE-2022-0547 CRITICAL
9.8 Mar 18

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than

CVE-2020-7224 CRITICAL
9.8 Apr 16

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered

CVE-2025-12106 CRITICAL
9.1 Dec 01

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-

CVE-2024-4877 HIGH
8.8 Apr 03

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe whi

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected
SUSE Linux Enterprise Server 16.0 Affected

Share

CVE-2026-13122 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy