CVE-2026-2738: Buffer Overflow
Published Feb 19, 2026
·Updated
Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet
Affected Software
1 affected component
OpenVPN ovpn-dco-win
Event History
Feb 19, 2026
CVE Published
via MITRE·08:00 PM
Data Sourced
via MITRE·08:00 PM
DescriptionWeakness
Data Sourced
via NVD·09:18 PM
DescriptionSeverityWeakness
Jun 4, 58123
Event
via FIRST·11:52 PM
Frequently Asked Questions
1
What is the severity of CVE-2026-2738?
CVE-2026-2738 has a high severity level due to the potential for a system crash caused by buffer overflow.
2
How do I fix CVE-2026-2738?
To fix CVE-2026-2738, upgrade to the latest version of OpenVPN ovpn-dco-win that addresses this vulnerability.
3
Who is affected by CVE-2026-2738?
CVE-2026-2738 affects users of OpenVPN ovpn-dco-win version 2.8.0, particularly those allowing untrusted local access.
4
What kind of attack can leverage CVE-2026-2738?
CVE-2026-2738 can be exploited by local attackers sending oversized packets to trigger a buffer overflow.
5
Is CVE-2026-2738 exploitable remotely?
CVE-2026-2738 is not remotely exploitable; it requires local access to the affected system.