Denial of Service Vulnerability in OpenVPN Affects Multiple Versions
CVE-2026-13122

5.9MEDIUM

Key Information:

Vendor

Openvpn

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-13122?

A vulnerability has been identified in OpenVPN that permits remote attackers to launch denial of service attacks. This occurs when a malformed authentication token is processed, ultimately resulting in a reachable assertion when the external authentication feature is enabled. The flaw affects versions 2.6.0 through 2.6.20 and includes pre-release versions leading up to 2.7.4, potentially compromising the availability of the service.

Affected Version(s)

OpenVPN 2.6.0 <= 2.6.20

OpenVPN 2.7_alpha1 <= 2.7.4

References

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.