CVE-2026-9560
HIGH WAF: High
CVSS 7.8
Published: 2026-05-26
CWE-78
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| openvpn | connect | 3.5.1 - 3.8.2 |
References
- openvpn.net (Release Notes)