{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-40215","assignerOrgId":"36a55730-e66d-4d39-8ca6-3c3b3017965e","state":"PUBLISHED","assignerShortName":"OpenVPN","dateReserved":"2026-04-13T10:28:10.354Z","datePublished":"2026-06-08T19:59:20.481Z","dateUpdated":"2026-06-08T19:59:20.481Z"},"containers":{"cna":{"providerMetadata":{"orgId":"36a55730-e66d-4d39-8ca6-3c3b3017965e","shortName":"OpenVPN","dateUpdated":"2026-06-08T19:59:20.481Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-125","description":"CWE-125 Out-of-bounds read","type":"CWE"}]},{"descriptions":[{"lang":"en","cweId":"CWE-416","description":"CWE-416 Use after free","type":"CWE"}]}],"affected":[{"vendor":"OpenVPN","product":"OpenVPN","versions":[{"status":"affected","version":"2.6.0","lessThanOrEqual":"2.6.19","versionType":"semver"},{"status":"affected","version":"2.7_alpha1","lessThanOrEqual":"2.7.1","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion."}],"references":[{"url":"https://community.openvpn.net/Security%20Announcements/CVE-2026-40215","tags":["vendor-advisory"]},{"url":"https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026","tags":["release-notes"]},{"url":"https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026","tags":["release-notes"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"MEDIUM","baseScore":6.1,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:L/SI:N/SA:L"}}],"x_generator":{"engine":"cvelib 1.8.0"}}}}