Vulnerability in Openvpn
CVE-2026-13122
OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled
Affected products
- Openvpn — versions 2.6.0, 2.7_alpha1
Weakness classification (CWE)
References
- security@openvpn.net (vendor-advisory)