Strongman

1 CVE (product)

Monthly

CVE-2026-25998 HIGH This Week

strongMan's credential encryption uses a static initialization vector with AES-CTR mode, causing all database fields to be encrypted with identical key streams. An attacker with database access can leverage publicly stored certificates to derive the key stream and decrypt stored private keys and EAP secrets. No patch is currently available for this high-severity vulnerability affecting strongSwan management deployments.

Information Disclosure | Strongman
Sources: NVD, GitHub
CVSS 3.1: 7.5
EPSS: 0.0%