CVE-2025-3110
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy
| CWE | CWE-444 |
| Vendor | openvpn |
| Product | access server |
| Published | Jul 8, 2026 |
| Last Updated | Jul 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for openvpn access server
Be the first to know when new unknown vulnerabilities affecting openvpn access server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
OpenVPN / Access Server
2.7.2 โค 3.1.0