Denial of Service Vulnerability in OpenVPN Affects Multiple Versions
CVE-2026-13122
5.9MEDIUM
What is CVE-2026-13122?
A vulnerability has been identified in OpenVPN that permits remote attackers to launch denial of service attacks. This occurs when a malformed authentication token is processed, ultimately resulting in a reachable assertion when the external authentication feature is enabled. The flaw affects versions 2.6.0 through 2.6.20 and includes pre-release versions leading up to 2.7.4, potentially compromising the availability of the service.
Affected Version(s)
OpenVPN 2.6.0 <= 2.6.20
OpenVPN 2.7_alpha1 <= 2.7.4