CVE-2026-40215

EUVD-2026-35200
A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.
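The version ranges in this advisory are upstream OpenVPN version numbers, and OpenVPN's scheme mixes release triples (2.6.19) with pre-release tokens (2.7_alpha1, 2.7_beta1, 2.7_rc1) that sort before the corresponding .0 release. The following Python is an added example, not part of this advisory or of the OpenVPN project's code: it parses that scheme, tests a version against the CNA ranges quoted above, and extracts the version token from the first line of `openvpn --version`. The function names, `SAMPLE_BANNER` (a constructed banner, not captured from a real host) and the range table are assumptions made here.

```python
import re

# Affected ranges as published by the CNA for CVE-2026-40215 (inclusive bounds).
# The advisory text names 2.7_alpha1 as the lower bound of the second range.
AFFECTED_RANGES = [
    ("2.6.0", "2.6.19"),
    ("2.7_alpha1", "2.7.1"),
]

# Pre-release stages sort before the final release of the same major.minor.
_STAGE_ORDER = {"alpha": -3, "beta": -2, "rc": -1}

_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\.(?P<patch>\d+)|_(?P<stage>alpha|beta|rc)(?P<num>\d+))?$"
)


def parse_version(text):
    """Turn an upstream OpenVPN version ('2.6.19', '2.7_alpha1', '2.7.0') into a
    sortable tuple (major, minor, stage, number). Final releases use stage 0 and
    the patch level as number, so 2.7_rc1 < 2.7.0 < 2.7.1."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an upstream OpenVPN version: {text!r}")
    major, minor = int(m["major"]), int(m["minor"])
    if m["stage"]:
        return (major, minor, _STAGE_ORDER[m["stage"]], int(m["num"]))
    return (major, minor, 0, int(m["patch"] or 0))


def is_affected_upstream(version):
    """True if an unpatched upstream build of this version falls inside the
    CNA-published ranges. Distribution packages carry backported fixes and must
    be checked against the distribution tables instead (see note below)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


_BANNER_RE = re.compile(r"^OpenVPN (\S+)")


def version_from_banner(banner):
    """Extract the version token from the first line of `openvpn --version`."""
    first = banner.strip().splitlines()[0]
    m = _BANNER_RE.match(first)
    if not m:
        raise ValueError("unrecognised openvpn --version output")
    return m.group(1)


def upstream_part(package_version):
    """Strip a distro epoch and revision ('0:2.6.12-1.amzn2023.0.4' -> '2.6.12').
    This gives the upstream base only; it does NOT say whether the package is
    fixed, because distributions backport the patch without bumping it."""
    v = package_version.split(":", 1)[-1]   # drop RPM/dpkg epoch
    return v.split("-", 1)[0]              # drop the packaging revision


# Constructed sample banner (assumption for this example, not a real capture).
SAMPLE_BANNER = (
    "OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] "
    "[PKCS11] [MH/PKTINFO] [AEAD] [DCO]\n"
    "library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10\n"
)

if __name__ == "__main__":
    v = version_from_banner(SAMPLE_BANNER)
    print(v, "affected upstream:", is_affected_upstream(v))
    for pkg in ("2.6.14-1+deb13u2", "0:2.6.12-1.amzn2023.0.4"):
        print(pkg, "upstream base", upstream_part(pkg),
              "-> check the distribution table, not the CNA range")
```

Use `is_affected_upstream` only for builds compiled from upstream source. For Debian, Ubuntu or Amazon Linux packages, `upstream_part` tells you the base version but the distribution tables on this page decide: trixie's 2.6.14-1+deb13u2 is listed as fixed although 2.6.14 sits inside the CNA range, and jammy's 2.5.11-0ubuntu0.22.04.3 is listed as fixed although 2.5 is outside it.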
Provider   Type   Base Score   Atk. Vector   Atk. Complexity   Priv. Required
OpenVPN    CNA    6.1 MEDIUM   NETWORK       HIGH              LOW
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:L/SI:N/SA:L
CVSS 3.x Base Score: not listed
EPSS Score: percentile 33%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.

Vendor    Product   Version               Source
openvpn   openvpn   2.6.0 ≤ x ≤ 2.6.19    CNA
openvpn   openvpn   x ≤ 2.7.1             CNA

The second row carries no lower bound; the description above gives it as 2.7_alpha1.
Debian Releases
Product: openvpn
Codename              Version              Status
bookworm                                   vulnerable
bookworm (security)   2.6.14-0+deb12u1     fixed
bullseye                                   vulnerable
bullseye (security)                        vulnerable
forky                 2.7.3-1              fixed
sid                   2.7.3-1              fixed
trixie                                     vulnerable
trixie (security)     2.6.14-1+deb13u2     fixed
Ubuntu Releases
Product: openvpn
Codename   Fixed Version              Status
bionic                                needs-triage
focal                                 needs-triage
jammy      2.5.11-0ubuntu0.22.04.3    released
noble      2.6.19-0ubuntu0.24.04.2    released
questing   2.6.19-0ubuntu0.25.10.2    released
resolute   2.7.0-1ubuntu1.1           released
trusty                                needs-triage
xenial                                needs-triage
Amazon Linux Releases
Package               Release             Version                   Status
openvpn               Amazon Linux 2023   0:2.6.12-1.amzn2023.0.4   fixed
openvpn-debuginfo     Amazon Linux 2023   0:2.6.12-1.amzn2023.0.4   fixed
openvpn-debugsource   Amazon Linux 2023   0:2.6.12-1.amzn2023.0.4   fixed
openvpn-devel         Amazon Linux 2023   0:2.6.12-1.amzn2023.0.4   fixed