The OpenVPN community project team reports:
[...] OpenVPN 2.7.5 [...] is a bugfix release fixing several security issues:
- Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets (CVE-2026-12996)
- Fix use-after-free bug in tls_wrap_reneg(), triggerable by a suitable sequence of dynamic tls-crypt control-channel packets (CVE-2026-13117)
- Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active (CVE-2026-13122)
- Fix memory leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes (CVE-2026-12932)
- Fix possible 1-byte buffer overrun on NTLMv2 proxy responses (CVE-2026-11771)
- Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out-of-memory situation and server crash (CVE-2026-13698)