Impersonation and Denial-of-Service Vulnerability in Libreswan IKEv1 Implementation
CVE-2026-50721
Key Information:
- Vendor: The Libreswan Project
- Status: Vendor
- CVE Published: 2 July 2026
What is CVE-2026-50721?
Libreswan's IKEv1 implementation contains a vulnerability in the RSA_authenticate_hash_signature_raw_rsa() function, which fails to properly verify the length of the authentication hash in the SIG payload of IKEv1 packets. A remote attacker can exploit this flaw with a variant of the Bleichenbacher attack, particularly when a small public exponent such as e=3 is in use, to forge the SIG payload and potentially impersonate a peer. By placing a hash shorter than expected in the SIG payload, an attacker can also trigger an assertion failure that aborts the Libreswan daemon, which then restarts; repeated exploitation therefore results in an ongoing denial of service. Remote code execution is not possible, and the X.509 certificate verification of remote IKE peers is unaffected.
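The missing check described above is the classic one for PKCS#1 v1.5 signature verifiers: the block recovered from the signature must be compared against the expected encoding in full, and a hash shorter than the algorithm's digest length must be rejected as a normal verification failure rather than tripping an assertion. The Python below is an added example, not Libreswan's code and not a description of how RSA_authenticate_hash_signature_raw_rsa() is written; it operates on the already-recovered encoded block (the result of s^e mod n, left-padded to the modulus length), and all helper names and sample data are constructed for illustration.

```python
"""Strict PKCS#1 v1.5 signature-block checking (added example, not Libreswan code).

The block `em` is assumed to be the integer s^e mod n converted to bytes of the
modulus length. Nothing here raises or asserts on hostile input: a malformed
block is simply reported as invalid, which is what a daemon must do to avoid
an attacker-triggered abort.
"""
import hashlib
import hmac

# DER-encoded DigestInfo prefixes (AlgorithmIdentifier + OCTET STRING header)
# that precede the raw hash inside a PKCS#1 v1.5 signature block.
DIGESTINFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def emsa_pkcs1_v15_encode(hash_name: str, digest: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5: 0x00 0x01 || 0xFF..0xFF (>= 8 bytes) || 0x00 || DigestInfo."""
    t = DIGESTINFO_PREFIX[hash_name] + digest
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def verify_block_strict(em: bytes, hash_name: str, digest: bytes) -> bool:
    """Hardened check: rebuild the entire expected block and compare all of it.

    Because the comparison covers every byte, a block with a short hash, a
    truncated DigestInfo, or extra bytes after the hash can never match.
    """
    if len(digest) != hashlib.new(hash_name).digest_size:
        return False
    try:
        expected = emsa_pkcs1_v15_encode(hash_name, digest, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def classify_block(em: bytes, hash_name: str) -> str:
    """Diagnostic parse for logging: reports *why* a block is malformed.

    It never trusts a length carried inside the block to index memory, and it
    returns a label instead of asserting, so hostile input cannot abort the caller.
    """
    if len(em) < 11 or em[:2] != b"\x00\x01":
        return "bad-header"
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= len(em) or em[i] != 0x00:   # fewer than 8 padding bytes or no separator
        return "bad-padding"
    t = em[i + 1:]
    prefix = DIGESTINFO_PREFIX[hash_name]
    if not t.startswith(prefix):
        return "bad-digestinfo"
    declared = prefix[-1]                # OCTET STRING length byte of the hash
    actual = len(t) - len(prefix)        # bytes actually present after the prefix
    if actual < declared:
        return "hash-too-short"          # the case that must not become an assertion failure
    if actual > declared:
        return "trailing-data"           # what a verifier that stops at the hash would miss
    return "well-formed"


def build_samples(em_len: int = 256) -> dict:
    """Constructed sample blocks for a 2048-bit modulus: one valid, two malformed."""
    digest = hashlib.sha256(b"constructed IKEv1 SIG payload hash input").digest()
    prefix = DIGESTINFO_PREFIX["sha256"]
    good = emsa_pkcs1_v15_encode("sha256", digest, em_len)
    # DigestInfo announces a 32-byte hash but only 16 bytes follow it.
    short = (b"\x00\x01" + b"\xff" * (em_len - len(prefix) - 16 - 3) + b"\x00"
             + prefix + digest[:16])
    # Correct hash, but one extra byte after it.
    trailing = (b"\x00\x01" + b"\xff" * (em_len - len(prefix) - 33 - 3) + b"\x00"
                + prefix + digest + b"\x00")
    return {"digest": digest, "good": good, "short": short, "trailing": trailing}


if __name__ == "__main__":
    s = build_samples()
    for name in ("good", "short", "trailing"):
        print(name, classify_block(s[name], "sha256"),
              verify_block_strict(s[name], "sha256", s["digest"]))
```

The strict verifier does the full-block comparison; classify_block exists only so that a rejected signature can be logged with a reason (useful for detecting repeated malformed SIG payloads against a gateway) without ever indexing past the data actually received.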
Affected Version(s)
- libreswan, all versions up to and including 5.3
- libreswan 5.3.1
References
CVSS V3.1
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
