Critical Privilege Escalation Flaw Fixed in OpenVPN Connect for macOS

Security researchers disclosed a critical OpenVPN Connect macOS vulnerability (CVE-2026-9560, CVSS 9.4) affecting versions 3.5.1–3.8.1 where the privileged helper handles local IPC insecurely, enabling a local attacker to execute commands with root privileges; the vendor released v3.8.2 which fixes this issue and additional authentication/profile-management bugs and should be applied immediately.