OpenVPN 2.6.0-2.6.20/2.7.0-2.7.4 Remote DoS via Malformed Auth Token
CVE-2026-13122 Published on July 6, 2026
OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled
Weakness Type
What is an assertion failure Vulnerability?
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CVE-2026-13122 has been classified to as an assertion failure vulnerability or weakness.
Products Associated with CVE-2026-13122
Want to know whenever a new CVE is published for OpenVPN? stack.watch will email you.
Affected Versions
OpenVPN:- Version 2.6.0, <= 2.6.20 is affected.
- Version 2.7_alpha1, <= 2.7.4 is affected.