Resource exhaustion in Openvpn

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service

Affected products

  • Openvpn — versions 2.5.0, 2.6.0, 2.7_alpha1

Weakness classification (CWE)

References