OpenVPN on Windows 2.8.0 Crashes from Large Packets

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.6

OpenVPN on Windows 2.8.0 Crashes from Large Packets

CVE-2026-2738

Summary

If an attacker sends a large packet to a Windows system running OpenVPN version 2.8.0, it may crash the system. This only happens if the packet has a specific format, and it requires the attacker to be on the same local network as the system. To protect your system, consider updating to a newer version of OpenVPN.

Original title

Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted pa...

Original description

nvd CVSS4.0 5.6

Vulnerability type

CWE-131

https://community.openvpn.net/Security%20Announcements/CVE-2026-2738

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026