Openvpn Access Server vulnerabilities
3 known vulnerabilities affecting openvpn/access_server.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-50055MEDIUMCVSS 6.4≥ 2.14.0, ≤ 2.14.32025-10-27
CVE-2025-50055 [MEDIUM] CWE-79 CVE-2025-50055: Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter
nvd
CVE-2023-46850CRITICALCVSS 9.8≥ 2.11.0, ≤ 2.11.3≥ 2.12.0, ≤ 2.12.22023-11-11
CVE-2023-46850 [CRITICAL] CWE-416 CVE-2023-46850: Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buff
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
nvd
CVE-2023-46849HIGHCVSS 7.5≥ 2.11.0, ≤ 2.11.3≥ 2.12.0, ≤ 2.12.12023-11-11
CVE-2023-46849 [HIGH] CWE-369 CVE-2023-46849: Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
nvd