CVE Catalog

CVE-2026-9560

High
Published: Translated: NVD NIST

Summary

A vulnerability in OpenVPN Connect from version 3.5.1 to 3.8.1 on macOS allows privilege escalation via background services. Attackers can execute arbitrary commands with elevated privileges through a local IPC channel.

Risk Assessment

The risk to the organization involves the potential for unauthorized actions by an attacker, which could lead to data loss or system takeover.

Recommendation

It is recommended to update OpenVPN Connect to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

Vulnerability data from NVD (NIST) · CISA KEV · EPSS