Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

Ubuntu 26.04 OpenVPN Critical Security Issues CVE-2026-11771

ubuntu
Calendar Grey July 14, 2026
Dist Ubuntu Esm H88
OpenVPN fixes critical security issues in Ubuntu with potential code execution and denial of service risks. Prompt updates are advisable.
Several security issues were fixed in OpenVPN.

Summary

Several security issues were fixed in OpenVPN.

Software Description:

- openvpn: virtual private network software

Details:

It was discovered that OpenVPN had a 1-byte buffer overrun when handling

NTLMv2 proxy responses. An attacker could use this issue to cause a denial

of service or possibly execute arbitrary code. This issue only affected

Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-11771)

It was discovered that OpenVPN incorrectly handled metadata when extracting

tls-crypt-v2 client keys. An attacker could possibly use this issue to

obtain sensitive information. (CVE-2026-12932)

It was discovered that OpenVPN had a use-after-free in the ack_write_buf

handling. An attacker could use this issue to cause OpenVPN to crash,

resulting in a denial of service, or possibly execute arbitrary code.

(CVE-2026-12996)

It was discovered that OpenVPN had a use-after-free in the tls_wrap_reneg

handling. An attacker could use this issue to cause OpenVPN to crash,

resulting in a denial of...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  openvpn                         2.7.0-1ubuntu1.2

Ubuntu 24.04 LTS
  openvpn                         2.6.19-0ubuntu0.24.04.3

Ubuntu 22.04 LTS
  openvpn                         2.5.11-0ubuntu0.22.04.4

After a standard system update you need to restart OpenVPN to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-8540-1

CVE-2026-11771, CVE-2026-12932, CVE-2026-12996, CVE-2026-13117,

CVE-2026-13122, CVE-2026-13698

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8540-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.