CVE-2026-2738 MEDIUM

Vendor OpenVPN
Product ovpn-dco-win
Weakness CWE-131
Published February 19, 2026
Last update February 20, 2026

CVSS base score

5.6/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Passive
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:P

What the vulnerability does

01 Description

A buffer overflow in ovpn-dco-win version 2.8.0 allows local attackers to cause a system crash by sending oversized packets to the remote peer when the AEAD tag appears at the end of the encrypted packet.

Key dates

02 Disclosure timeline

February 19, 2026 CVE published
February 20, 2026 Record updated