Pre-Auth EAP-TLS DoS on SoftEther VPN Developer Edition

Description

A vulnerability, which was classified as problematic, was found in SoftEtherVPN up to 5.2.5188. Affected by this issue is some unknown functionality. Executing a manipulation can lead to uncontrolled memory allocation.

Affected Products

Vendor	Product	Versions
softether	softether vpn	<= 5.2.5188

References

https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-q5g3-qhc6-pr3h(x_refsource_CONFIRM)

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-39312 | SoftEtherVPN up to 5.2.5188 memory allocation (GHSA-q5g3-qhc6-pr3h)

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-789

PublishedApr 7, 2026

Last enriched2h agov2

Trending Score45

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated description with new details about uncontrolled memory allocation and corrected exploit availability status.

description

via VulDB

v13h ago

Initial creation