VYPR
Medium severityNVD Advisory· Published Jun 8, 2026· Updated Jun 9, 2026

CVE-2026-35058

CVE-2026-35058

Description

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OpenVPN/OpenVPNinferred2 versions
    >=2.6.0,<2.6.20,>=2.7.0.alpha1,<2.7.2+ 1 more
    • (no CPE)range: >=2.6.0,<2.6.20,>=2.7.0.alpha1,<2.7.2
    • (no CPE)range: 2.6.0-2.6.19, 2.7_alpha1-2.7.1

Patches

Vulnerability mechanics

References

4

News mentions

1