
Description

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.

PUBLISHED Reserved 2026-04-13 | Published 2026-06-08 | Updated 2026-06-08 | Assigner OpenVPN




MEDIUM: 6.9 (CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H)

Problem types

CWE-617 Reachable assertion

Product status

Default status
unaffected

2.6.0 (semver)
affected

2.7_alpha1 (semver)
affected

References

www.talosintelligence.com/...ability_reports/TALOS-2026-2381

community.openvpn.net/Security Announcements/CVE-2026-35058 vendor-advisory

community.openvpn.net/ReleaseHistory release-notes

community.openvpn.net/ReleaseHistory release-notes

cve.org (CVE-2026-35058)

nvd.nist.gov (CVE-2026-35058)
