Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-9560
PUBLISHED
More InfoOfficial Page
Assigner-OpenVPN
Assigner Org ID-36a55730-e66d-4d39-8ca6-3c3b3017965e
View Known Exploited Vulnerability (KEV) details
Published At-26 May, 2026 | 17:39
Updated At-27 May, 2026 | 03:55
Rejected At-
▼CVE Numbering Authority (CNA)

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

Affected Products
Vendor
OpenVPN Inc
Product
OpenVPN Connect
Platforms
  • MacOS
Default Status
unaffected
Versions
Affected
  • From 3.5.1 through 3.8.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78
CWECWE-267CWE-267 Privilege defined with unsafe actions
CWECWE-270CWE-270 Privilege context switching error
CWECWE-648CWE-648 Incorrect use of privileged APIs
Type: CWE
CWE ID: CWE-78
Description: CWE-78
Type: CWE
CWE ID: CWE-267
Description: CWE-267 Privilege defined with unsafe actions
Type: CWE
CWE ID: CWE-270
Description: CWE-270 Privilege context switching error
Type: CWE
CWE ID: CWE-648
Description: CWE-648 Incorrect use of privileged APIs
Metrics
VersionBase scoreBase severityVector
4.09.4CRITICAL
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
4.08.9HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 8.9
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://openvpn.net/connect-docs/macos-release-notes.html
release-notes
Hyperlink: https://openvpn.net/connect-docs/macos-release-notes.html
Resource:
release-notes
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found