What is CVE-2026-39312?

CVE-2026-39312 is a high-severity vulnerability in Softethervpn, classified under CWE-789. CVSS score: 7.5/10. Published 2026-04-07.

How severe is CVE-2026-39312?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Softethervpn

CVE-2026-39312

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and likely earlier versions of De…

EPSS: 0.004 (60.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Softethervpn — versions <= 5.2.5188

Weakness classification (CWE)

CWE-789

References

https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-q5g3-qhc6-pr3h (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-39312?: CVE-2026-39312 is a high-severity vulnerability in Softethervpn, classified under CWE-789. CVSS score: 7.5/10. Published 2026-04-07.
How severe is CVE-2026-39312?: High severity. CVSS v3 base score is 7.5 out of 10.