GHSA-92x4-7936-ww96MediumCVSS 7.5

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header...

Published
July 8, 2026
Last Modified
July 10, 2026

🔗 CVE IDs covered (1)

📋 Description

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy

🔗 References (3)