CVE-2026-9560
CRITICAL
9.4
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Description
Privilege escalation via the background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via a local IPC channel.
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Status: Stable
Common Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Non-Repudiation
Potential Impacts:
Execute Unauthorized Code Or Commands
DoS: Crash, Exit, or Restart
Read Files Or Directories
Modify Files Or Directories
Read Application Data
Modify Application Data
Hide Activities
Applicable Platforms
Technologies:
Not Technology-Specific, AI/ML, Web Server
CWE-267: Privilege Defined With Unsafe Actions
Status: Incomplete
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
CWE-270: Privilege Context Switching Error
Status: Draft
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
CWE-648: Incorrect Use of Privileged APIs
Status: Incomplete
Common Consequences
Security Scopes Affected:
Access Control
Confidentiality
Integrity
Availability
Potential Impacts:
Gain Privileges Or Assume Identity
Read Application Data
Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
https://openvpn.net/connect-docs/macos-release-notes.html