CVE-2026-9560

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

high 7.8 CVSS 3.1
Published: May 26, 2026
Modified: May 27, 2026
Vendor: Openvpn
Product: Connect

Description

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

References

Related CVEs

CVE-2023-4662 critical · 9.8
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9.
CVE-2023-4663 medium · 6.1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: be
CVE-2023-4664 high · 8.8
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
CVE-2023-4665 high · 8.8
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
CVE-2023-4661 critical · 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Conn
CVE-2014-5455 medium · 5.3
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gai