Skip to main content

OpenVPN CVE-2026-13698

| EUVDEUVD-2026-41877 MEDIUM
Memory Leak (CWE-401)
6.0
CVSS 4.0 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

AT:P maps to AC:H for specific packet-sequence prerequisite; passive UI:P maps to UI:R; only availability impact applies with no scope change.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
4.9 MEDIUM
qualitative

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jul 06, 2026 - 15:40 vuln.today
CVSS changed
Jul 06, 2026 - 15:37 NVD
6.0 (MEDIUM)
CVE Published
Jul 02, 2026 - 10:57 github-releases
MEDIUM 6.0
CVE Published
Jul 02, 2026 - 10:57 github-releases
UNKNOWN (no severity yet)

Description PRE-NVD

Disclosed via GitHub release of openvpn/openvpn. NVD scoring and full description are pending.

AnalysisAI

Memory leak in OpenVPN (pre-2.7.5) allows network-accessible unauthenticated attackers to exhaust server memory, resulting in high availability impact and denial of service. The flaw, classified CWE-401, requires specific attack prerequisites (CVSS 4.0 AT:P) and passive client interaction (UI:P), meaning it is not trivially exploitable against all default deployments. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed OpenVPN listener port
Delivery
Send crafted control or auth packet sequence
Exploit
Trigger memory allocation without deallocation
Execution
Repeat sequence to accumulate leak
Persist
Server memory exhausted
Impact
OpenVPN service crashes or hangs

Vulnerability AssessmentAI

Exploitation The CVSS 4.0 AT:P metric confirms that specific attack prerequisites beyond simple network access are required - the exact triggering condition (specific packet sequence, connection state, or configuration) is not fully detailed in the truncated disclosure. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.0 with VA:H reflects a genuine but conditionally exploitable denial-of-service risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends a crafted sequence of control-channel or authentication packets to an exposed OpenVPN server running a pre-2.7.5 version, triggering memory allocations that are never freed. By repeating the sequence, the attacker exhausts available server memory, causing the VPN service to become unresponsive or crash, cutting off legitimate remote access for all users. …
Remediation Upgrade to OpenVPN 2.7.5, the patched release confirmed at https://github.com/OpenVPN/openvpn/releases/tag/v2.7.5. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2018-7544 CRITICAL POC
9.1 Mar 16

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. Rated critical sev

CVE-2017-7478 HIGH POC
7.5 May 15

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control

CVE-2018-9336 HIGH POC
7.8 May 01

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a do

CVE-2023-46850 CRITICAL
9.8 Nov 11

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execut

CVE-2019-25429 MEDIUM POC
6.1 Feb 19

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malic

CVE-2019-25428 MEDIUM POC
6.1 Feb 19

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoin

CVE-2017-12166 CRITICAL
9.8 Oct 04

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1

CVE-2024-27903 CRITICAL
9.8 Jul 08

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker

CVE-2022-0547 CRITICAL
9.8 Mar 18

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than

CVE-2020-7224 CRITICAL
9.8 Apr 16

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered

CVE-2025-12106 CRITICAL
9.1 Dec 01

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-

CVE-2024-4877 HIGH
8.8 Apr 03

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe whi

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected
SUSE Linux Enterprise Server 16.0 Affected

Share

CVE-2026-13698 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy