Access Server

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:openvpn:access_server:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorOpenvpn (69250643-f594-58ab-9395-086994cbe5f3)
ProductAccess Server (39885e07-829e-52d7-ae80-64c4f74472dc)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-50055 vulnerable 2026-06-03 15:01:49.261536 Details available
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter
Published: 2025-10-27T13:39:43.652Z
Updated: 2025-10-30T18:23:58.634Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-46850 vulnerable 2026-06-03 14:53:16.650827 Details available
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Published: 2023-11-11T00:15:07.076Z
Updated: 2025-12-16T18:23:24.266Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-46849 vulnerable 2026-06-03 14:53:16.646479 Details available
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Published: 2023-11-11T00:05:13.487Z
Updated: 2025-06-11T14:30:02.796Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.