Vulnerability Details CVE-2026-39312
SoftEtherVPN is an open-source, cross-platform, multi-protocol VPN program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and likely earlier versions of Developer Edition). An unauthenticated remote attacker can crash the vpnserver process by sending a single malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.4%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-39312
- cpe:2.3:a:softether:softethervpn:5.01.9658
- cpe:2.3:a:softether:softethervpn:5.01.9659
- cpe:2.3:a:softether:softethervpn:5.01.9660
- cpe:2.3:a:softether:softethervpn:5.01.9661
- cpe:2.3:a:softether:softethervpn:5.01.9662
- cpe:2.3:a:softether:softethervpn:5.01.9663
- cpe:2.3:a:softether:softethervpn:5.01.9664
- cpe:2.3:a:softether:softethervpn:5.01.9665
- cpe:2.3:a:softether:softethervpn:5.01.9666
- cpe:2.3:a:softether:softethervpn:5.01.9667
- cpe:2.3:a:softether:softethervpn:5.01.9668
- cpe:2.3:a:softether:softethervpn:5.01.9669
- cpe:2.3:a:softether:softethervpn:5.01.9670
- cpe:2.3:a:softether:softethervpn:5.01.9671
- cpe:2.3:a:softether:softethervpn:5.01.9672
- cpe:2.3:a:softether:softethervpn:5.01.9673
- cpe:2.3:a:softether:softethervpn:5.01.9674
- cpe:2.3:a:softether:softethervpn:5.02.0
- cpe:2.3:a:softether:softethervpn:5.02.5180
- cpe:2.3:a:softether:softethervpn:5.02.5181
- cpe:2.3:a:softether:softethervpn:5.02.5182
- cpe:2.3:a:softether:softethervpn:5.02.5183
- cpe:2.3:a:softether:softethervpn:5.02.5184
- cpe:2.3:a:softether:softethervpn:5.02.5185
- cpe:2.3:a:softether:softethervpn:5.02.5186
- cpe:2.3:a:softether:softethervpn:5.02.5187
- cpe:2.3:a:softether:softethervpn:5.2.5188