Actions
Bug #16831
closed
OpenVPN CVE-2026-40215
Start date:
Due date:
% Done:
0%
Estimated time:
Release Notes:
Default
Affected Plus Version:
26.03
Affected Architecture:
All
Description
Current version of OpenVPN in pfSense Plus 26.03:
OpenVPN 2.6.16 amd64-portbld-freebsd16.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
According to OpenVPN security advisories this version needs to be patched to 2.6.20 to resolve this security vulnerability:
https://community.openvpn.net/Security%20Announcements/CVE-2026-40215
Updated by Christian McDonald 9 days ago
- Status changed from New to Feedback
- Assignee set to Christian McDonald
Updated by Kris Phillips 9 days ago
After running pkg upgrade from CLI, I'm seeing 2.6.20 now installed:
OpenVPN 2.6.20 amd64-portbld-freebsd16.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
Actions