NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-40215

Summary	A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.
Publication Date	June 9, 2026, 6:16 a.m.
Registration Date	June 10, 2026, 4:12 a.m.
Last Update	June 9, 2026, 11:08 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026	security@openvpn.net
2	https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026	security@openvpn.net
3	https://community.openvpn.net/Security%20Announcements/CVE-2026-40215	security@openvpn.net

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html
2	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html