CVE-2026-9560

Severity CVSS v4.0:
CRITICAL
Type:
CWE-78 OS Command Injections
Publication date:
26/05/2026
Last modified:
27/05/2026

Description

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:openvpn:connect:*:*:*:*:*:macos:*:* 3.5.1 (including) 3.8.2 (excluding)


References to Advisories, Solutions, and Tools