top of page

Critical Security Updates: Privilege Escalation and Remote Code Execution Vulnerabilities Patched in OpenVPN Connect and Veeam

  • May 28
  • 2 min read

Key Findings


  • Critical privilege escalation vulnerability (CVE-2026-9560, CVSS 9.4) in OpenVPN Connect for macOS allows local attackers to gain root access

  • Affected versions 3.5.1 through 3.8.1 contain insecure local IPC handling in the privileged helper component

  • Version 3.8.2 patches the vulnerability along with authentication and profile management bugs

  • Enterprise deployments require immediate updates to secure corporate endpoints

  • Multiple critical flaws discovered in Veeam backup tools including remote code execution (CVE-2026-32998, CVSS 9.4) and privilege escalation vulnerabilities


Background


OpenVPN Connect is a widely deployed virtual private network client used by enterprises and individuals to secure network traffic. The macOS version provides background services that handle system-level networking tasks through a privileged helper component. Similarly, Veeam's backup and management suite is critical infrastructure for enterprise data protection, making these vulnerabilities particularly concerning for organizations relying on these tools.


OpenVPN Connect Local IPC Exploit


The vulnerability stems from insecure inter-process communication between the application and its background privileged helper. An attacker with local system access can craft malicious inputs and send them through the IPC channel to the helper service. The helper then executes these commands with root-level privileges without proper validation. This allows complete system compromise on affected macOS machines.


Researchers Ismael Esquilichi, Pablo Redondo, and Lê Đức Ninh responsibly disclosed the flaw through proper channels. The issue affects all versions from 3.5.1 through 3.8.1 on macOS platforms.


Additional OpenVPN Connect Fixes


Beyond the privilege escalation patch, version 3.8.2 addresses two significant functional issues. The first involves web-based authentication failing when users append trailing characters like slashes or question marks to URLs. This prevented the browser from launching entirely.


The second issue involved profile management becoming unreliable during switches. The import screen sometimes appeared unexpectedly, potentially leading to blank profiles being imported or causing immediate application crashes during migration sequences.


Veeam Service Provider Console Remote Code Execution


Veeam released patches for multiple critical vulnerabilities in its backup infrastructure. The most severe flaw, CVE-2026-32998 with a CVSS score of 9.4, affects the Service Provider Console. The issue involves unsafe script execution parameters within the automated alert system.


Researcher "putsi" discovered this through the HackerOne bug bounty program. Version 9.2.1.33875 contains the fix. As an interim workaround, administrators can disable the vulnerable script path by setting AlarmManagement_ScriptExecution to false in the local configuration JSON file.


Veeam Agent and Appliance Vulnerabilities


Two additional high-severity flaws impact Veeam's endpoint and backup infrastructure. CVE-2026-32996 affects the Windows Agent, allowing a local attacker with low permissions to escalate to administrative control. Researcher "Alibabas" reported this vulnerability.


CVE-2026-32997 impacts the Linux Software Appliance, allowing authenticated backup administrators to write arbitrary files to the system. Upgrading to version 13.0.2 resolves this secondary vulnerability.


Organizations using both OpenVPN Connect and Veeam tools should prioritize immediate patching across all affected systems to prevent exploitation by threat actors.


Sources


  • https://securityonline.info/openvpn-connect-macos-vulnerability-patched/

  • https://securityonline.info/veeam-security-vulnerabilities-patches/

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page