OpenVPN ovpn-dco-win 2.8.0 Buffer Overflow (AEAD Tag)
CVE-2026-2738 Published on February 19, 2026
Buffer overflow in ovpn-dco-win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet.
Weakness Type
Incorrect Calculation of Buffer Size
The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
Affected Versions
OpenVPN ovpn-dco-win version 2.8.0 is affected by CVE-2026-2738.
Exploit Probability
EPSS
0.02%
Percentile
5.45%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.