Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
OpenVPN Security Update Fixes Denial of Service Risk
Summary
A security update for OpenVPN fixes a vulnerability that could cause an OpenVPN server to crash, making it unavailable. This means that users and clients might not be able to connect to the VPN. To stay secure, update OpenVPN to the latest version as soon as possible.
What to do
- Update openvpn to version 2.6.10-150600.3.20.1.
- Update openvpn-dco to version 2.6.10-150600.3.20.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openvpn | <= 2.6.10-150600.3.20.1 | 2.6.10-150600.3.20.1 |
| – | openvpn-dco | <= 2.6.10-150600.3.20.1 | 2.6.10-150600.3.20.1 |
| – | openvpn | <= 2.6.10-150600.3.20.1 | 2.6.10-150600.3.20.1 |
| – | openvpn-dco | <= 2.6.10-150600.3.20.1 | 2.6.10-150600.3.20.1 |
| – | openvpn | <= 2.6.10-150600.3.20.1 | 2.6.10-150600.3.20.1 |
| – | openvpn-dco | <= 2.6.10-150600.3.20.1 | 2.6.10-150600.3.20.1 |
| – | openvpn | <= 2.6.10-150600.3.20.1 | 2.6.10-150600.3.20.1 |
| – | openvpn-dco | <= 2.6.10-150600.3.20.1 | 2.6.10-150600.3.20.1 |
Original title
Security update for openvpn
Original description
This update for openvpn fixes the following issues:
- Updated to version 2.6.10 that fixes:
* CVE-2025-13086: improper validation of IP addresses that can cause denial of service (bsc#1254486)
- Updated to version 2.6.10 that fixes:
* CVE-2025-13086: improper validation of IP addresses that can cause denial of service (bsc#1254486)
- https://www.suse.com/support/update/announcement/2026/suse-su-20260831-1/ Vendor Advisory
- https://bugzilla.suse.com/1254486 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2025-13086 URL
Published: 5 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026