CVE-2026-9560: OS Command Injection
Published May 26, 2026
A privilege escalation flaw in the background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via a local IPC channel.
Affected Software
2 affected components
OpenVPN OpenVPN Connect: >=3.5.1, <=3.8.1
OpenVPN Connect macOS: >=3.5.1, <3.8.2
Event History
May 26, 2026
CVE Published
via MITRE·05:39 PM
Data Sourced
via MITRE·05:39 PM
Description, Weakness
Data Sourced
via NVD·06:16 PM
Description, Severity, Weakness, Affected Software
Mar 25, 58386
Event
via FIRST·07:55 PM
Frequently Asked Questions
1. What is the severity of CVE-2026-9560?
CVE-2026-9560 has a critical severity rating of 9.4.
2. How do I fix CVE-2026-9560?
To fix CVE-2026-9560, update OpenVPN Connect to a version later than 3.8.1.
3. What type of vulnerability is CVE-2026-9560?
CVE-2026-9560 is a privilege escalation vulnerability due to OS command injection.
4. Can CVE-2026-9560 be exploited remotely?
No, CVE-2026-9560 requires local access to exploit the vulnerability.
5. What software is affected by CVE-2026-9560?
CVE-2026-9560 affects OpenVPN Connect versions 3.5.1 through 3.8.1 on macOS.