CVE-2026-13698
Received Received - Intake

Memory Leak in OpenVPN TLS-Crypt-V2 Client Key

Vulnerability report for CVE-2026-13698, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: OpenVPN Inc.

Description

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
openvpn openvpn From 2.5.0 (inc) to 2.5.11 (inc)
openvpn openvpn From 2.6.0 (inc) to 2.6.20 (inc)
openvpn openvpn From 2.7_alpha1 (inc) to 2.7.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak found in OpenVPN versions 2.5.0 through 2.5.11, 2.6.0 through 2.6.20, and 2.7_alpha1 through 2.7.4. It allows remote attackers who possess a valid tls-crypt-v2 client key to potentially cause a denial of service.

Impact Analysis

The impact of this vulnerability is that an attacker with a valid tls-crypt-v2 client key can exploit the memory leak to cause a denial of service, potentially disrupting the availability of the OpenVPN service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13698. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart