Skip to content

strongSwan: Remote Code Execution Possible Through Vulnerability

Bottom line: A remote code execution vulnerability exists in strongSwan that is exploitable by unauthenticated attackers.

A vulnerability in strongSwan enables attackers to execute arbitrary code remotely. The vulnerability can be exploited without authentication.

A vulnerability has been identified in the open-source IPsec suite strongSwan that allows attackers to execute arbitrary code remotely. The vulnerability is exploitable without authentication.

StrongSwan is a widely deployed VPN and IPsec implementation project used on numerous network gateways, firewalls and edge systems. Successful exploitation could allow attackers to gain control of affected systems and thereby gain access to protected networks.

CISOs should identify affected strongSwan instances and update to patched versions as soon as possible. CERT-Bund has prioritized the vulnerability as “high”. Detailed technical information and patch availability can be found in advisory WID-SEC-2026-1832.


Source: wid.cert-bund.de · Published June 9, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.

Share on: