CVE-2026-11604 MEDIUM

CVE-2026-11604

Vendor Openvpn
Product ovpn-dco-win
Weakness CWE-131
Published June 10, 2026
Last update June 11, 2026

CVSS base score

5.6/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

01Description

An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service).

Key dates

02Disclosure timeline

June 10, 2026 CVE published
June 11, 2026 Record updated