Resource exhaustion in Openvpn
CVE-2026-13698
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service
Affected products
- Openvpn — versions 2.5.0, 2.6.0, 2.7_alpha1
Weakness classification (CWE)
References
- security@openvpn.net (vendor-advisory)