Ghostwire

CVE-2026-9560: Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute...

CRITICAL CVSS 9.5

Published: May 26, 2026 | Last Modified: May 26, 2026

Description

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

Ghostwire Analysis — What This Means Practically

Critical CVSS score indicates maximum severity — remote code execution, authentication bypass, or complete system compromise is likely possible.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

www.tenable.com/cve/CVE-2026-9560
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-9560