A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.
PUBLISHED5.2CWE-125CWE-416
Problem type
Affected products
OpenVPN
OpenVPN
<= 2.6.19 - AFFECTED
<= 2.7.1 - AFFECTED
References
community.openvpn.net
https://community.openvpn.net/Security%20Announcements/CVE-2026-40215
community.openvpn.net
https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026
community.openvpn.net
https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026
GitHub Security Advisories
GHSA-3mmv-h5fc-pvwj
A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote...
https://github.com/advisories/GHSA-3mmv-h5fc-pvwjA race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-40215
community.openvpn.net
https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026
community.openvpn.net
https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026
community.openvpn.net
https://community.openvpn.net/Security%20Announcements/CVE-2026-40215
github.com
https://github.com/advisories/GHSA-3mmv-h5fc-pvwj
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-40215Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-40215",
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"dateUpdated": "2026-06-08T19:59:20.481Z",
"dateReserved": "2026-04-13T10:28:10.354Z",
"datePublished": "2026-06-08T19:59:20.481Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN",
"dateUpdated": "2026-06-08T19:59:20.481Z"
},
"descriptions": [
{
"lang": "en",
"value": "A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion."
}
],
"affected": [
{
"vendor": "OpenVPN",
"product": "OpenVPN",
"defaultStatus": "unaffected",
"versions": [
{
"version": "2.6.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "2.6.19"
},
{
"version": "2.7_alpha1",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "2.7.1"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-125 Out-of-bounds read",
"cweId": "CWE-125",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "CWE-416 Use after free",
"cweId": "CWE-416",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://community.openvpn.net/Security%20Announcements/CVE-2026-40215",
"tags": [
"vendor-advisory"
]
},
{
"url": "https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026",
"tags": [
"release-notes"
]
},
{
"url": "https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026",
"tags": [
"release-notes"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
]
}
}
}