๐Ÿ” CVE Alert

CVE-2025-3110

UNKNOWN 0.0
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy

CWE CWE-444
Vendor openvpn
Product access server
Published Jul 8, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for openvpn access server

Be the first to know when new unknown vulnerabilities affecting openvpn access server are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

OpenVPN / Access Server
2.7.2 โ‰ค 3.1.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
openvpn.net: https://openvpn.net/as-docs/as-3-2-release-notes.html