CVE 9.4 CRITICAL

CVE-2026-9560_CVE-2026-9560

May 26, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

AI Analysis

Privilege escalation vulnerability in OpenVPN Connect on macOS

Basic Information

ID CVE-2026-9560

Source OpenVPN

Published May 26, 2026 at 17:39

Modified May 26, 2026 at 18:08

Affected Product

Vendor OpenVPN Inc

Product OpenVPN Connect

Version 3.5.1

Affected Versions OpenVPN Inc OpenVPN Connect 3.5.1

CWE Classification

CWE-78 CWE-267 CWE-270 CWE-648

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor OpenVPN Inc

Product OpenVPN Connect

Version 3.5.1, 3.6.1, 3.7.1, 3.8.1

References

openvpn.net /connect-docs/macos-release-notes.html

{
    "lastseen": "",
    "description": "Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel",
    "published": "2026-05-26T17:39:57.378Z",
    "modified": "2026-05-26T18:08:16.845Z",
    "type": "cve",
    "title": "CVE-2026-9560",
    "source": "OpenVPN",
    "references": "https://openvpn.net/connect-docs/macos-release-notes.html",
    "id": "CVE-2026-9560",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-267",
        "CWE-270",
        "CWE-648"
    ],
    "cvelist": null,
    "sourceData": "OpenVPN Inc OpenVPN Connect 3.5.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenVPN Connect",
    "version": "3.5.1",
    "vendor": "OpenVPN Inc",
    "ai_description": "Privilege escalation vulnerability in OpenVPN Connect on macOS",
    "ai_severity": "Critical",
    "ai_vendor": "OpenVPN Inc",
    "ai_product": "OpenVPN Connect",
    "ai_version": "3.5.1, 3.6.1, 3.7.1, 3.8.1",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply