vulnerability
Ubuntu: USN-8286-1 (CVE-2026-35058): OpenVPN vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:N/A:C) | May 20, 2026 | May 25, 2026 | May 25, 2026 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:N/A:C)
Published
May 20, 2026
Added
May 25, 2026
Modified
May 25, 2026
Description
Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter
discovered that OpenVPN incorrectly handled suitably malformed
packets with valid tls-crypt-v2 keys. An attacker could possibly use
this issue to cause OpenVPN to crash, resulting in a denial of
service. (CVE-2026-35058)
Guannan Wang, Zhanpeng Liu, and Guancheng Li discovered that
OpenVPN had a race condition in the TLS handshake process that could
leak packet data from a previous handshake under certain
circumstances. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2026-40215)
Solution
ubuntu-upgrade-openvpn
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.