IPsec/Strongswan CVE-2026-47895

Started by Gauss23, Today at 08:14:17 PM

Hi,

Is OPNsense affected by https://www.strongswan.org/blog/2026/06/08/strongswan-vulnerability-(cve-2026-47895).html ?

Looks like 6.0.6 is the version currently installed with 26.1.9.

As this might be used for RCE without any authentication, it should be addressed, if affected.

Thank you.
"The S in IoT stands for Security!" :)

Scope of this seems to be pretty contained:

Servers that don't use EAP or XAuth authentication are not vulnerable to remote attacks.
Hardware:
DEC740

Yep, fixed in 6.0.7, so we're looking at that for 26.1.10.

https://github.com/strongswan/strongswan/releases/tag/6.0.7
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT