A new vulnerability in early versions of OpenVPN has been disclosed, potentially allowing malicious servers to execute arbitrary commands on client machines.

The flaw affects OpenVPN releases from 2.7_alpha1 to 2.7_beta1, enabling script-injection attacks on POSIX-based systems such as Linux, macOS, and BSD variants.