winget install --id OpenVPNTechnologies.OpenVPN
About OpenVPN
OpenVPN provides flexible VPN solutions to secure your data communications, whether it's for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers.
What's new in 2.7.501
Security fixes: - openvpnserv (windows): fix DNS SearchList state pollution on (dis)connect. specific combinations of --dns config entries plus local DNS config could lead to corruption of pre-openvpn DNS config (CVE-2026-13379) Bug found by 章鱼哥 (www.aipyaipy.com). - Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets (CVE-2026-12996) Bug found by multiple researchers: - 章鱼哥 (www.aipyaipy.com) - Haiyang Huang - Haruki Oyama (Waseda University) - Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets (CVE-2026-13117) Bug found by multiple researchers: - Trace37 Labs (github.com/trace37labs) - Haiyang Huang - Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active (CVE-2026-13122) Bug found by Haiyang Huang. - Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes (CVE-2026-12932) Bug found by Valton Tahiri. - Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. (CVE-2026-11771) Bug found by Tristan Madani (@TristanInSec). - Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash (CVE-2026-13698) Bug found by Max Fillinger. Overlaps with a report from Valton Tahiri that we believe to be fixed by this bugfix as well. Bugfixes: - Windows: fix plugin trusted-dir check prefix bypass (this fixes a bug in the path checking logic we do on Wi...
Version history
| Version | Updated | Notes |
|---|---|---|
| 2.7.501 | Unknown | Security fixes: - openvpnserv (windows): fix DNS SearchList state pollution on (dis)connect. specific combinations of --dns config entries plus local DNS config could lead to corruption of pre-openvpn DNS config (CVE-202... |
| 2.7.402 | Unknown | Bugfixes: - using --dns server ... style configs on Windows with win-dco would lead to erroneously enabling "DnsSecValidationRequired : True", possibly breaking VPN DNS resolution. Pushing --dns server ... dnssec no can... |
| 2.7.401 | Unknown | Bugfixes: - using --dns server ... style configs on Windows with win-dco would lead to erroneously enabling "DnsSecValidationRequired : True", possibly breaking VPN DNS resolution. Pushing --dns server ... dnssec no can... |
| 2.7.301 | Unknown | Bugfixes: - in combination with --management-query-passwords, setups using --auth-user-pass file or inline auth-user-pass would no longer use the configured passwords and prompt on the management interface instead (OpenV... |
| 2.7.201 | Unknown | Security fixes: - CVE-2026-40215: fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances - CVE-2026-35058: fix server ASSERT() on receiving a... |
| 2.7.101 | Unknown | New features: - Add a new username-only flag argument to --auth-user-pass which will now make OpenVPN only query for username and send a dummy password to the server. This is only useful if auth schemes are used on the s... |
| 2.7.017 | Unknown | Highlights of 2.7 - Multi-socket support for servers -- Handle multiple addresses/ports/protocols within one server - Improved Client support for DNS options - Client implementations for Linux/BSD/macOS, included with th... |
| 2.7.016 | Unknown | Highlights of 2.7 - Multi-socket support for servers -- Handle multiple addresses/ports/protocols within one server - Improved Client support for DNS options - Client implementations for Linux/BSD/macOS, included with th... |
| 2.6.1901 | Unknown | Release notes |
| 2.6.1701 | Unknown | Security fixes: - CVE-2025-13751: Windows/interactive service: fix erroneous exit on error that could be used by a local Windows users to achieve a local denial-of-service Bug fixes: - Windows/interactive service: improv... |
| 2.6.1601 | Unknown | Release notes |
| 2.6.1501 | Unknown | Release notes |
| 2.6.1404 | Unknown | Security fixes: - CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message b... |
| 2.6.1402 | Unknown | Security fixes: - CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message b... |
| 2.6.1401 | Unknown | No notes |
| 2.6.1301 | Unknown | No notes |
| 2.6.1201 | Unknown | No notes |
| 2.6.1101 | Unknown | No notes |
| 2.6.1001 | Unknown | No notes |
| 2.6.901 | Unknown | No notes |