OPNsense Forum

English Forums => 26.1, 26,4 Series => Topic started by: Gauss23 on June 09, 2026, 08:14:17 PM

Title: IPsec/Strongswan CVE-2026-47895
Post by: Gauss23 on June 09, 2026, 08:14:17 PM
Hi,

is OPNsense affected by https://www.strongswan.org/blog/2026/06/08/strongswan-vulnerability-(cve-2026-47895).html ?

Looks like 6.0.6 is the version currently installed with 26.1.9.

As this might be used for RCE without any authentication, it should be addressed, if affected.

Thank you.
Title: Re: IPsec/Strongswan CVE-2026-47895
Post by: Monviech (Cedrik) on June 09, 2026, 08:43:16 PM
Scope of this seems to be pretty contained:

Servers that don't use EAP or XAuth authentication are not vulnerable to remote attacks.
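To check a given box against the condition named in the reply above, the following added example (not code from this thread, OPNsense or strongSwan) lists the connections in a swanctl.conf-style file whose `local*`/`remote*` auth rounds use EAP or XAuth. The function name and sample configuration are constructed for illustration; the parser assumes plain swanctl.conf syntax, does not follow `include` statements, and treats every `#` as the start of a comment.

```python
import re

# Constructed sample in swanctl.conf syntax (not taken from the thread).
SAMPLE_CONF = """
connections {
    site-to-site {
        local { auth = pubkey }
        remote { auth = psk }
    }
    roadwarrior {
        local { auth = pubkey }
        remote-1 {
            auth = eap-mschapv2   # EAP client authentication
        }
    }
    legacy-ikev1 {
        remote { auth = pubkey }
        remote-xauth { auth = "xauth" }
    }
}
"""

# Tokens: braces, "key = value" settings, bare section names.
TOKEN = re.compile(r'\{|\}|[^\s{}=]+\s*=\s*[^\s{}]+|[^\s{}=]+')

def eap_xauth_connections(conf_text):
    """Return {connection: [(section, auth)]} for auth rounds using EAP or XAuth."""
    hits, stack, pending = {}, [], None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        for tok in TOKEN.findall(line):
            if tok == "{":
                stack.append(pending)         # last bare word names the section
                pending = None
            elif tok == "}":
                if stack:
                    stack.pop()
            elif "=" in tok:
                key, value = [p.strip() for p in tok.split("=", 1)]
                value = value.strip('"').lower()
                # Only connections.<name>.local*/remote* sections are auth rounds.
                in_auth_round = (len(stack) == 3 and stack[0] == "connections"
                                 and stack[2].startswith(("local", "remote")))
                if in_auth_round and key == "auth" and value.startswith(("eap", "xauth")):
                    hits.setdefault(stack[1], []).append((stack[2], value))
            else:
                pending = tok
    return hits
```

An empty result means no connection in the parsed text is configured for EAP or XAuth; any connection listed should be reviewed until the fixed strongSwan release is installed.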
Title: Re: IPsec/Strongswan CVE-2026-47895
Post by: franco on June 09, 2026, 09:49:40 PM
Yep, fixed in 6.0.7, so we're looking at that for 26.1.10.

https://github.com/strongswan/strongswan/releases/tag/6.0.7