CVE-2026-11604 PUBLISHED

Assigner: OpenVPN
Reserved: 08.06.2026 Published: 10.06.2026 Updated: 11.06.2026

An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service).

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CVSS Score: 5.6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	None	Confidentiality	None
Attack Complexity	High	Integrity	None	Integrity	None
Attack Requirements	Present	Availability	High	Availability	High
Privileges Required	Low
User Interaction	Passive

CVSS 4.0

Product Status

Vendor	OpenVPN
Product	ovpn-dco-win
Versions	Default: unaffected affected from 2.0.0 to 2.5.8 (incl.)

References

Problem Types

CWE-131 Incorrect calculation of buffer size CWE
CWE-122 Heap-based buffer overflow CWE
CWE-787 Out-of-bounds write CWE