Primary

Context

OpenVPN Denial-of-Service Vulnerability Due to Insufficient Epoch Key Slot Processing

Vulnerability

Patched

A denial-of-service vulnerability has been identified in OpenVPN versions 2.7_alpha1 through 2.7_rc5. This issue arises from inadequate handling of epoch key slots, which allows remote authenticated users to trigger an assertion that causes OpenVPN to exit unexpectedly.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing OpenVPN to crash.

Added: Jan 30, 2026, 6:19 PM

Updated: Jan 30, 2026, 7:23 PM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

5.4

remediation

7.7

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

5.4

remediation

7.7

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenVPN Denial-of-Service Vulnerability Due to Insufficient Epoch Key Slot Processing

Vulnerability

Impact

Affected Products

OpenVPN

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating