VYPR
Medium severityNVD Advisory· Published Jun 8, 2026· Updated Jun 9, 2026

CVE-2026-40215

CVE-2026-40215

Description

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

Affected products

2
  • OpenVPN/OpenVPNinferred2 versions
    >=2.7_alpha1,<2.7.1+ 1 more
    • (no CPE)range: >=2.7_alpha1,<2.7.1
    • (no CPE)range: 2.6.0-2.6.19, 2.7_alpha1-2.7.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.