Memory Leak Vulnerability in OpenVPN by OpenVPN Technologies
CVE-2026-13698
6MEDIUM
What is CVE-2026-13698?
A vulnerability exists in OpenVPN versions 2.5.0 through 2.5.11, 2.6.0 through 2.6.20, and 2.7_alpha1 through 2.7.4, where memory leak can be exploited by remote attackers possessing a valid tls-crypt-v2 client key. This exploitation can result in a denial of service, affecting the application's stability and availability. It is crucial for users to update to patched versions to mitigate the risk associated with this memory leak.
Affected Version(s)
OpenVPN 2.5.0 <= 2.5.11
OpenVPN 2.6.0 <= 2.6.20
OpenVPN 2.7_alpha1 <= 2.7.4