Impersonation Vulnerability in Libreswan through IKEv2 AUTH Payload
CVE-2026-50722
Key Information:
- Vendor: The Libreswan Project
- Status: Vendor
- CVE Published: 2 July 2026
What is CVE-2026-50722?
Libreswan's RSA_authenticate_hash_signature_pkcs1_1_5_rsa() function does not properly verify the DER encoding of the ASN.1 DigestInfo when an IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5. A remote attacker can use variants of Bleichenbacher's signature forgery against keys with small public exponents to forge an AUTH payload and thereby impersonate legitimate users. An attacker can also encode a shorter-than-expected hash in the AUTH payload, which may trigger an assertion failure: the Libreswan daemon aborts and restarts, so repeated attempts can cause a sustained denial of service. The vulnerability does not allow remote code execution, but applying the vendor's patches is essential to mitigate these risks.
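The defect class described above is a signature verifier that parses the recovered PKCS#1 v1.5 encoded message (EM) and compares only the hash bytes it finds, instead of rebuilding the one byte string RFC 8017 section 9.2 prescribes and comparing the whole EM. The following added example (not Libreswan code) contrasts the two checks on the EM bytes alone, so it needs no RSA key: `strict_verify` does encode-and-compare, `lax_verify` is a hypothetical parse-then-compare check of the weak shape. The sample payload and the malformed EMs are constructed inputs; a real implementation would obtain EM from the RSA public-key operation on the AUTH signature, with EM length equal to the modulus length.

```python
"""Strict (encode-and-compare) versus lax (parse-then-compare) verification of
an RSASSA-PKCS1-v1_5 encoded message. Added example; operates on EM bytes only."""
import hashlib
import hmac

# DER DigestInfo prefixes from RFC 8017, section 9.2, note 1.
DIGEST_INFO_PREFIX = {
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def emsa_pkcs1_v15_encode(hash_name: str, digest: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 0x00 0x01 PS 0x00 T, PS all 0xFF, len(PS) >= 8."""
    if len(digest) != hashlib.new(hash_name).digest_size:
        raise ValueError("digest length does not match the hash algorithm")
    t = DIGEST_INFO_PREFIX[hash_name] + digest
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def strict_verify(em: bytes, hash_name: str, digest: bytes) -> bool:
    """Rebuild the only acceptable EM and compare every byte in constant time.
    The padding length, the DER DigestInfo and the hash length are all fixed,
    so there is no slack in EM where attacker-chosen bytes could hide."""
    try:
        expected = emsa_pkcs1_v15_encode(hash_name, digest, len(em))
    except ValueError:
        return False  # a malformed hash length is a clean rejection, not an assert
    return hmac.compare_digest(em, expected)


def lax_verify(em: bytes, hash_name: str, digest: bytes) -> bool:
    """Hypothetical weak check: walks the padding, locates the DigestInfo and
    compares the hash, but never verifies that the hash ends exactly at the end
    of EM. With a small public exponent such slack is what forgeries exploit.
    Shown only for contrast; do not use."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00 or i - 2 < 8:
        return False
    t = em[i + 1:]
    prefix = DIGEST_INFO_PREFIX[hash_name]
    if not t.startswith(prefix):
        return False
    found = t[len(prefix):len(prefix) + len(digest)]
    return hmac.compare_digest(found, digest)  # bytes after the hash are ignored


def demo() -> dict:
    """Run both verifiers over a well-formed EM and two malformed ones.
    Returns {case: (strict_result, lax_result)}."""
    em_len = 256  # EM length for a 2048-bit modulus
    digest = hashlib.sha256(b"constructed sample AUTH payload").digest()
    t = DIGEST_INFO_PREFIX["sha256"] + digest

    well_formed = emsa_pkcs1_v15_encode("sha256", digest, em_len)

    # Short padding, correct DigestInfo, then filler bytes up to the modulus size.
    filler = b"\x00" * (em_len - 11 - len(t))
    trailing_bytes = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + filler

    # DigestInfo claims SHA-256 but carries only 16 hash bytes (the
    # shorter-than-expected hash case from the description).
    short_t = DIGEST_INFO_PREFIX["sha256"] + digest[:16]
    short_hash = b"\x00\x01" + b"\xff" * (em_len - len(short_t) - 3) + b"\x00" + short_t

    return {
        name: (strict_verify(em, "sha256", digest), lax_verify(em, "sha256", digest))
        for name, em in (("well_formed", well_formed),
                         ("trailing_bytes", trailing_bytes),
                         ("short_hash", short_hash))
    }


if __name__ == "__main__":
    for case, (strict, lax) in demo().items():
        print(f"{case:15s} strict={strict} lax={lax}")
```

The strict verifier accepts only the well-formed EM; the lax one also accepts the EM with trailing bytes, which is exactly the slack a small-exponent forgery needs. Note that the short-hash EM is rejected by both checks here because the comparison is done on complete byte strings; the defensive point is that `strict_verify` never reaches any assertion on the hash length, it simply fails closed.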
Affected Version(s)
- libreswan, all versions up to and including 5.3
- libreswan 5.3.1
References
CVSS V3.1
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
