Logo
Retour à la veille

CVE-2026-40215

Publié : 8 juin 2026
Modifié : 8 juin 2026
Lien officiel NVD

Description détaillée

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

Références et Patchs

https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026https://community.openvpn.net/Security%20Announcements/CVE-2026-40215

Dernières Vulnérabilités

CVE-2026-44541

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.

VOIR DÉTAILS

CVE-2026-11585

A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

VOIR DÉTAILS

CVE-2026-49141

WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contact_id in the POST request body without tenant ownership verification. Attackers can exploit the service-role client that bypasses row-level security to modify victim contact fields including name, email, and company across tenant boundaries using only a known contact UUID.

VOIR DÉTAILS