
Libreswan

3 CVEs product


CVE-2026-50721 HIGH PATCH This Week

Signature forgery and denial-of-service in Libreswan's IKEv1 RSA authentication allow a remote unauthenticated attacker to impersonate an IKE peer or crash the daemon. The flaw lives in RSA_authenticate_hash_signature_raw_rsa(), which fails to validate the length of the authentication hash inside a PKCS #1 (RFC 2313) encoded SIG payload; when a peer uses a small RSA public exponent such as e=3, a Bleichenbacher-style forgery becomes feasible. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the impersonation impact against IKEv1 raw-RSA authentication makes this a high-severity issue (CVSS 8.1); remote code execution is explicitly not possible and X.509 certificate verification is unaffected.

Tags: RCE, Denial Of Service, Jwt Attack, Libreswan
NVD
CVSS 3.1: 8.1
EPSS: 0.4%
CVE-2026-50722 HIGH PATCH This Week

Peer impersonation and denial-of-service in Libreswan IPsec/IKEv2 arise from improper DER/ASN.1 digest verification in RSA_authenticate_hash_signature_pkcs1_1_5_rsa() when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5 signatures. A remote unauthenticated attacker can mount a Bleichenbacher-style forgery to impersonate a peer when small RSA public exponents (e.g., e=3) are in use, or send an undersized hash to trip an assertion that aborts and restarts the daemon for sustained DoS. A vendor patch is available and there is no public exploit identified at time of analysis; RCE is not possible and X.509 certificate verification of the peer is unaffected.

Tags: RCE, Denial Of Service, Jwt Attack, Libreswan
NVD
CVSS 3.1: 8.1
EPSS: 0.3%
CVE-2026-12413 HIGH This Week

Denial of service in the Libreswan IPsec VPN's pluto daemon allows remote unauthenticated attackers to crash and repeatedly restart the daemon by sending an invalidly formatted IKEv2 fragment. The off-by-one flaw affects any deployment permitting IKEv2 connections that do not explicitly set fragmentation=no, with no authentication or user interaction required; repeated exploitation sustains the outage. No public exploit identified at time of analysis, and no remote code execution is possible despite the mislabeled 'RCE' tag.

Tags: RCE, Denial Of Service, Libreswan
NVD VulDB
CVSS 3.1: 7.5
EPSS: 0.6%
