EXECUTIVE SUMMARY:
CVE-2026-47895 is a severe memory-management bug in libstrongswan, the core library of the strongSwan VPN software, affecting all versions released since 4.3.3. Cloning certain identities can result in a double-free, and potentially remote code execution, because empty but non-NULL encoded identities are handled incorrectly. An unauthenticated attacker with network access can trigger the flaw by sending a crafted identity string with specific hex-encoded prefixes, so successful exploitation can lead to remote code execution, with significant business impact including potential data breaches and system compromise. Environments that use EAP and EAP-Identity exchanges during authentication are particularly exposed. Exploitation is more likely on setups that use the affected libstrongswan component and lack the specific configuration quirks that happen to avoid the bug, such as a malloc implementation that returns NULL for zero-length allocations or delegating EAP to a RADIUS server.
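The advisory attributes the double-free to an empty but non-NULL encoded identity, a state that malloc(0) produces on most libc implementations. The following is an added illustration, not strongSwan's code: a hypothetical chunk/identity model in which emptiness is decided by length rather than pointer, so that cloning a zero-length encoding yields the canonical {NULL, 0} and every identity owns distinct storage or none.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical identity model used for illustration; not strongSwan's code. */
typedef struct { unsigned char *ptr; size_t len; } chunk_t;
typedef struct { chunk_t encoding; } identity_t;   /* heap-owned or {NULL,0} */

/* Canonical empty chunk. Emptiness is decided by len, never by ptr, so a
 * non-NULL zero-length allocation cannot be mistaken for a real encoding. */
static const chunk_t chunk_empty = { NULL, 0 };

static int chunk_is_empty(chunk_t c) { return c.len == 0; }

/* Copy into fresh storage; zero-length input (even with non-NULL ptr)
 * yields chunk_empty rather than an owned zero-length allocation. */
static chunk_t chunk_clone(chunk_t c)
{
    chunk_t out = chunk_empty;
    if (chunk_is_empty(c)) return out;
    out.ptr = malloc(c.len);
    if (!out.ptr) return chunk_empty;   /* allocation failure reads as empty */
    memcpy(out.ptr, c.ptr, c.len);
    out.len = c.len;
    return out;
}

/* Normalise at the boundary: an identity built from zero bytes holds no storage. */
static identity_t identity_create(const unsigned char *data, size_t len)
{
    identity_t id;
    chunk_t in = { (unsigned char *)data, len };
    id.encoding = chunk_clone(in);
    return id;
}

static identity_t identity_clone(const identity_t *src)
{
    identity_t id;
    id.encoding = chunk_clone(src->encoding);
    return id;
}

/* Each identity owns its own storage (or none), so destroying both the
 * original and its clone frees two distinct pointers, never the same one. */
static void identity_destroy(identity_t *id)
{
    free(id->encoding.ptr);
    id->encoding = chunk_empty;
}
```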
RECOMMENDATION:
We recommend updating strongSwan to version 6.0.7.
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/strongswan-cve-2026-47895/