CVE-2026-35058
Received - Intake
Improper Packet Length Validation in OpenVPN Leads to DoS

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: OpenVPN Inc.

Description
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.
Meta Information
Published: 2026-06-08
Last Modified: 2026-06-08
Generated: 2026-06-09
AI Q&A: 2026-06-08
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

| Vendor | Product | Version / Range |
|---|---|---|
| openvpn | openvpn | From 2.6.0 (inc) to 2.6.19 (inc) |
| openvpn | openvpn | From 2.7_alpha1 (inc) to 2.7.1 (inc) |
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Executive Summary

This vulnerability involves improper validation of packet length during the tls-crypt-v2 key extraction process in OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1.

An authenticated attacker can exploit this flaw by sending a specially crafted packet that triggers a fatal assertion, causing the OpenVPN service to crash.

This results in a denial of service condition.

Impact Analysis

The primary impact of this vulnerability is denial of service (DoS).

An authenticated attacker can crash the OpenVPN service by sending a specially crafted packet, disrupting VPN connectivity and potentially affecting network availability.
