OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-13122.json"