CVE-2026-11604

5.6MEDIUM

Key Information:

Vendor: Openvpn
Status: Ovpn-dco-win
Vendor: CVE Published:; 10 June 2026

What is CVE-2026-11604?

An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service).

Affected Version(s)

ovpn-dco-win Windows 2.0.0 <= 2.5.8

References

https://github.com/OpenVPN/ovpn-dco-win/releases

product

https://community.openvpn.net/Security%20Announcements/CV...

vendor-advisory

CVSS V4

Score:

5.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Jun 8, 2026

CVE-2026-11604 Data

JSON

Openvpn

What is CVE-2026-11604?

Affected Version(s)

References

CVSS V4

Timeline