Description
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.
Published: 2026-06-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN versions 2.6.0–2.6.19 and 2.7_alpha1–2.7.1. An attacker who can send specially crafted packets can trigger a fatal assertion, causing the OpenVPN process to terminate and resulting in a denial of service. The flaw is a reachable assertion (CWE-617) caused by a missing length check on attacker-controlled input; it does not directly compromise confidentiality or integrity.

Affected Systems

Affected installations include OpenVPN software by OpenVPN Inc. The vulnerable versions are OpenVPN 2.6.0 through 2.6.19 and the 2.7 pre-releases 2.7_alpha1 through 2.7.1. All deployments of these releases that enable tls-crypt-v2 are susceptible.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no current widespread exploitation. Attackers must be authenticated to the VPN service and capable of sending a crafted packet, so the threat requires legitimate credentials or compromised client software. Because the impact is a loss of service, it can affect availability for users and disrupt network connectivity, especially in environments where the OpenVPN server is a critical component.

Generated by OpenCVE AI on June 8, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenVPN 2.6.20 or later on the 2.6 branch, or to OpenVPN 2.7.2 or later on the 2.7 branch, as these releases contain the fixed key extraction logic.
  • If an immediate patch is not possible, temporarily disable the tls-crypt-v2 option on both the server and client configurations until the upgrade can be applied.
  • Monitor OpenVPN logs for assertion failures and apply network segmentation or firewall rules to limit traffic from untrusted sources during remediation.



Advisories

Source | ID | Title
Debian DSA | DSA-6289-1 | openvpn security update
Ubuntu USN | USN-8286-1 | OpenVPN vulnerabilities

History

Mon, 08 Jun 2026 21:30:00 +0000


Mon, 08 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Title | | Improper Packet Length Validation in OpenVPN's tls-crypt-v2 Leads to DoS
First Time appeared | | Openvpn; Openvpn openvpn
Vendors & Products | | Openvpn; Openvpn openvpn

Mon, 08 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 08 Jun 2026 19:45:00 +0000

Type | Values Removed | Values Added
Description | | Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.
Weaknesses | | CWE-617
References | |
Metrics | | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H'}


MITRE

Status: PUBLISHED

Assigner: OpenVPN

Published:

Updated: 2026-06-08T19:49:17.361Z

Reserved: 2026-04-13T10:28:10.361Z

Link: CVE-2026-35058

Vulnrichment

Updated: 2026-06-08T19:47:23.911Z

NVD

Status: Awaiting Analysis

Published: 2026-06-08T20:17:00.497

Modified: 2026-06-09T02:08:28.150

Link: CVE-2026-35058

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T20:30:06Z

Weaknesses