CVE-2026-9560 CRITICAL

CVE-2026-9560

Vendor Openvpn Inc

Product OpenVPN Connect

Weakness CWE-78

Published May 26, 2026

Last update May 27, 2026

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

Key dates

02Disclosure timeline

May 26, 2026 CVE published

May 27, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-9560

Related vulnerabilities

04Related CVE

CVE-2026-21267 Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CVE-2025-46271 Planet Technology Network Products OS Command Injection CVE-2020-7350 Metasploit Framework Plugin Libnotify Command Injection CVE-2025-8631 Kenwood DMX958XR Firmware Update Command Injection Vulnerability CVE-2025-8636 Kenwood DMX958XR Firmware Update Command Injection Vulnerability