What is GHSA-3mmv-h5fc-pvwj?

GHSA-3mmv-h5fc-pvwj is a security advisory published by GitHub Security Advisories with Medium severity. A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote...

Which CVE IDs does GHSA-3mmv-h5fc-pvwj cover?

GHSA-3mmv-h5fc-pvwj covers the following CVE IDs: CVE-2026-40215. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-3mmv-h5fc-pvwjMedium

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote...

Vendor

GitHub Security Advisories

Published

June 8, 2026

Last Modified

June 8, 2026

🔗 CVE IDs covered (1)

CVE-2026-40215 →

📋 Description

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-40215
https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026
https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026
https://community.openvpn.net/Security%20Announcements/CVE-2026-40215
https://github.com/advisories/GHSA-3mmv-h5fc-pvwj