Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.
PUBLISHED5.2CWE-617
Problem type
Affected products
OpenVPN
OpenVPN
<= 2.6.19 - AFFECTED
<= 2.7.1 - AFFECTED
References
community.openvpn.net
https://community.openvpn.net/Security%20Announcements/CVE-2026-35058
community.openvpn.net
https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026
community.openvpn.net
https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026
GitHub Security Advisories
GHSA-22j3-3q48-2rmj
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through...
https://github.com/advisories/GHSA-22j3-3q48-2rmjImproper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-35058
community.openvpn.net
https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026
community.openvpn.net
https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026
community.openvpn.net
https://community.openvpn.net/Security%20Announcements/CVE-2026-35058
talosintelligence.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2381
github.com
https://github.com/advisories/GHSA-22j3-3q48-2rmj
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-35058Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-35058",
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"dateUpdated": "2026-06-08T19:49:17.361Z",
"dateReserved": "2026-04-13T10:28:10.361Z",
"datePublished": "2026-06-08T19:29:56.309Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN",
"dateUpdated": "2026-06-08T19:29:56.309Z"
},
"descriptions": [
{
"lang": "en",
"value": "Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet."
}
],
"affected": [
{
"vendor": "OpenVPN",
"product": "OpenVPN",
"defaultStatus": "unaffected",
"versions": [
{
"version": "2.6.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "2.6.19"
},
{
"version": "2.7_alpha1",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "2.7.1"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-617 Reachable assertion",
"cweId": "CWE-617",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2026-35058",
"tags": [
"vendor-advisory"
]
},
{
"url": "https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026",
"tags": [
"release-notes"
]
},
{
"url": "https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026",
"tags": [
"release-notes"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE",
"dateUpdated": "2026-06-08T19:47:23.911Z"
},
"title": "CVE Program Container",
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2381"
}
]
},
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-06-08T19:49:17.361Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}