CVE-2026-40215

Published: Giu 08, 2026 Last Modified: Giu 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,1

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

125

Out-of-bounds Read

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Availability Other

Potential Impacts:

Read Memory Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Varies By Context

Applicable Platforms

Languages: Memory-Unsafe, C, C++

Technologies: ICS/OT

View CWE Details

416

Use After Free

Stable

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Confidentiality

Potential Impacts:

Modify Memory Dos: Crash, Exit, Or Restart Read Memory Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: Memory-Unsafe, C, C++

Likelihood of Exploit: High

View CWE Details

https://community.openvpn.net/ReleaseHistory#openvpn-2620-r…

https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026

https://community.openvpn.net/ReleaseHistory#openvpn-272-re…

https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026

https://community.openvpn.net/Security%20Announcements/CVE-…

https://community.openvpn.net/Security%20Announcements/CVE-2026-40215

CVE-2026-40215

Description

Out-of-bounds Read

Common Consequences

Applicable Platforms

Use After Free

Common Consequences

Applicable Platforms

Iscriviti alla newsletter