OpenBSD
This hub aggregates every CVE we track for OpenBSD, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 203
- Critical: 28
- High: 67
- In CISA KEV: 0
Severity distribution
- MEDIUM: 90
- HIGH: 67
- CRITICAL: 28
- LOW: 18
Monthly trend
[Chart: monthly trend, 2024-08 to 2026-07]
Latest CVEs
The 15 most recently published vulnerabilities affecting OpenBSD.
- CVE-2026-57589 (7.4): sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().
- CVE-2026-56099 (5.3): OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input
- CVE-2026-55706 (5.8): sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
- CVE-2026-41285 (4.3): In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd...
- CVE-2026-32772 (3.4): telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
- CVE-2025-30334 (6.5): OpenBSD wg(4) kernel crash
- CVE-2024-11149 (7.9): OpenBSD vmm GDTR limits
- CVE-2024-10933 (5.0): OpenBSD readdir directory traversal
- CVE-2024-11148 (7.5): OpenBSD httpd(8) null dereference
- CVE-2024-10934 (9.8): OpenBSD NFS double-free vulnerability
- CVE-2021-35000 (3.3): OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
- CVE-2021-34999 (5.5): OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
- CVE-2024-29937 (9.8): NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.
- CVE-2023-52558 (7.5): OpenBSD 7.4 and 7.3 m_split() network buffer kernel crash
- CVE-2023-52557 (7.5): OpenBSD 7.3 invalid l2tp message npppd crash
Product normalization is registry-driven with AI assist and human review.