Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix socket. The socket is configured with mode 0666, allowing any local user to connect. No authorization check is performed on the connecting client. The tunnelblick-helper process constructs a path to config.ovpn inside a user-controlled .tblk directory and reads it as root without symlink validation. An attacker can create a .tblk configuration with a symlinked config.ovpn pointing to any file and request tunnelblickd to read it. This issue has been fixed in versions 9.0beta02.
AnalysisAI
Arbitrary file read as root via symlink following vulnerability in Tunnelblick versions 3.3beta26 through 9.0beta01 allows any local user to exploit tunnelblick-helper through the world-accessible tunnelblickd Unix socket to read arbitrary root-owned files. The vulnerability exists because tunnelblick-helper constructs paths to configuration files within user-controlled directories and reads them as root without validating symlinks, enabling attackers to redirect reads to sensitive files. Vendor-released patch available in version 9.0beta02. SSVC framework identifies this as exploitable with publicly available proof-of-concept code but not automatically exploitable.
Technical ContextAI
Tunnelblick is a graphical OpenVPN client for macOS that uses a privileged helper process named tunnelblick-helper to perform operations requiring root access. The vulnerability roots in CWE-61 (symlink following) where the helper process constructs file paths by joining user-controlled directories with hardcoded filenames without canonical path validation. The tunnelblickd Unix domain socket is created with overly permissive mode 0666, allowing any local user to connect regardless of privilege level, and no authentication or authorization checks validate the connecting client's identity or permissions. When a user requests tunnelblick-helper to read a configuration file from a .tblk bundle, the process follows symlinks without resolving the canonical path, allowing an attacker to redirect reads to arbitrary files outside the intended directory.
RemediationAI
Upgrade immediately to Tunnelblick version 9.0beta02 or later, which includes the security fix confirmed in the official release notes at https://github.com/Tunnelblick/Tunnelblick/releases/tag/v9.0beta02. The vendor notes that updating from certain older versions may require 60-90 seconds and may prompt for additional administrator authorization. For environments unable to immediately upgrade, restrict local user access to macOS systems running vulnerable Tunnelblick versions; this does not eliminate the vulnerability but reduces the pool of potential attackers to trusted users. Additionally, monitor the tunnelblickd socket for unexpected connections and audit file access patterns in privileged processes using macOS audit frameworks (audit(4) and log(1) tools) to detect exploitation attempts. However, these compensating controls are temporary measures only and should not delay patching.
Same weakness CWE-61 – UNIX Symbolic Link (Symlink) Following
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27434