Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The flaw could be exploited by an attacker who shares the same network segment with the targeted user to determine if they are using a VPN, obtain the virtual IP address, determine if the target is currently visiting a specified website, and inject data into the TCP stream. Experts tested the flaw against OpenVPN, WireGuard, and IKEv2/IPSec, but it has not been tested against Tor.”]
Source: https://securityaffairs.co/wordpress/94764/hacking/cve-2019-14899-vpn-flaw.html