OpenVPN 2.6.x-2.7.1 TLS-Crypt-V2 Length Validation DoS
CVE-2026-35058 Published on June 8, 2026
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.
Weakness Type
What is an assertion failure Vulnerability?
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CVE-2026-35058 has been classified to as an assertion failure vulnerability or weakness.
Products Associated with CVE-2026-35058
stack.watch emails you whenever new vulnerabilities are published in Canonical Ubuntu Linux or OpenVPN. Just hit a watch button to start following.
Affected Versions
OpenVPN:- Version 2.6.0, <= 2.6.19 is affected.
- Version 2.7_alpha1, <= 2.7.1 is affected.