IPsec/Strongswan CVE-2026-47895

Started by Gauss23, Today at 08:14:17 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
Today at 08:14:17 PM
Hi,

is OPNsense affected by https://www.strongswan.org/blog/2026/06/08/strongswan-vulnerability-(cve-2026-47895).html ?

Looks like 6.0.6 is the version currently installed with 26.1.9.

As this might be used for RCE without any authentication, it should be addressed, if affected.

Thank you.
,,The S in IoT stands for Security!" :)
Today at 08:43:16 PM #1
Scope of this seems to be pretty contained:

Servers that don't use EAP or XAuth authentication are not vulnerable to remote attacks.
Hardware:
DEC740
Print
Go Up Pages1
User actions