Impersonation Vulnerability in Libreswan through IKEv2 AUTH Payload
CVE-2026-50722

8.1 HIGH

Key Information:

Status: Vendor
CVE Published: 2 July 2026

Badges: Exploit Exists

What is CVE-2026-50722?

Libreswan contains a vulnerability in the RSA_authenticate_hash_signature_pkcs1_1_5_rsa() function, which fails to properly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5. This flaw allows a remote attacker to apply variants of the Bleichenbacher attack against keys with small public exponents to forge an AUTH payload and impersonate a legitimate user. An attacker can also encode a shorter-than-expected hash in the AUTH payload, which may trigger an assertion failure and a denial of service: the Libreswan daemon aborts and restarts, and repeated triggering can cause sustained service disruption. The vulnerability does not allow remote code execution, but applying the vendor's patches is essential to mitigate these risks.
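As an added illustration of the verifier flaw class described above (this is example code, not Libreswan's code and not the researchers' proof of concept), the following Python contrasts a strict EMSA-PKCS1-v1_5 check, which rebuilds the expected block and compares it whole, with a hypothetical lax verifier that parses the block and stops once it has located the digest. It operates on the block recovered from the signature (s^e mod n), so no RSA key is needed, and assumes SHA-256 with a 2048-bit modulus; the message bytes, the lax verifier and the two malformed blocks are constructed for the example.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-256 (RFC 8017 section 9.2 note 1):
# SEQUENCE { SEQUENCE { OID sha256, NULL }, OCTET STRING (32 bytes) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
EM_LEN = 256  # block size for a 2048-bit modulus (assumed key size)


class VerifierAbort(Exception):
    """Models an assertion failure that takes a daemon down (the DoS path)."""


def emsa_pkcs1_v1_5_encode(message: bytes, em_len: int = EM_LEN) -> bytes:
    """EMSA-PKCS1-v1_5 encoding (RFC 8017 section 9.2): 00 01 FF..FF 00 DigestInfo."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def verify_strict(em: bytes, message: bytes, em_len: int = EM_LEN) -> bool:
    """Correct check: rebuild the expected block and compare every byte.

    `em` is the block recovered from the signature (s^e mod n, left-padded to
    em_len); trailing data, short padding or an altered DigestInfo all fail.
    """
    if len(em) != em_len:
        return False
    return hmac.compare_digest(em, emsa_pkcs1_v1_5_encode(message, em_len))


def verify_lax(em: bytes, message: bytes) -> bool:
    """Hypothetical weak verifier that parses the block instead of comparing it.

    It stops once it has found a digest, so bytes after the digest are never
    examined, and it trusts the OCTET STRING length field. This illustrates the
    class of verifier the advisory describes; it is not Libreswan's code.
    """
    if len(em) < 2 or em[0] != 0x00 or em[1] != 0x01:
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= len(em) or em[i] != 0x00:  # PS must be at least 8 bytes
        return False
    i += 1
    head = SHA256_DIGESTINFO_PREFIX[:-2]  # everything up to the OCTET STRING tag
    if em[i:i + len(head)] != head:
        return False
    i += len(head)
    if i + 2 > len(em) or em[i] != 0x04:
        return False
    hash_len = em[i + 1]
    digest = em[i + 2:i + 2 + hash_len]
    expected = hashlib.sha256(message).digest()
    if hash_len != len(expected):
        # A verifier that asserts here instead of returning False aborts the
        # whole daemon: the denial-of-service path from the advisory.
        raise VerifierAbort("digest length %d != %d" % (hash_len, len(expected)))
    # Flaw: whatever follows the digest is silently ignored.
    return hmac.compare_digest(digest, expected)


def em_with_trailing_bytes(message: bytes, em_len: int = EM_LEN) -> bytes:
    """Constructed block: minimal 8-byte padding, valid DigestInfo, then filler.

    A block of this shape is what a lax parser accepts; the strict check rejects it.
    """
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    filler_len = em_len - 11 - len(t)
    return b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + bytes(range(filler_len))


def em_with_short_hash(message: bytes, em_len: int = EM_LEN) -> bytes:
    """Constructed block whose OCTET STRING claims only 16 bytes of SHA-256 output."""
    t = SHA256_DIGESTINFO_PREFIX[:-2] + b"\x04\x10" + hashlib.sha256(message).digest()[:16]
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def compare_verifiers(message: bytes = b"IKEv2 AUTH signed octets (constructed)") -> dict:
    """Run both verifiers over a valid block and the two malformed ones."""
    results = {}
    valid = emsa_pkcs1_v1_5_encode(message)
    results["valid"] = (verify_strict(valid, message), verify_lax(valid, message))
    trailing = em_with_trailing_bytes(message)
    results["trailing"] = (verify_strict(trailing, message), verify_lax(trailing, message))
    short = em_with_short_hash(message)
    try:
        lax_short = verify_lax(short, message)
    except VerifierAbort:
        lax_short = "abort"
    results["short_hash"] = (verify_strict(short, message), lax_short)
    return results


if __name__ == "__main__":
    for name, (strict, lax) in compare_verifiers().items():
        print("%-10s strict=%s lax=%s" % (name, strict, lax))
```

The strict verifier never parses attacker-controlled DER at all: it encodes the expected DigestInfo itself and compares fixed-length blocks in constant time, which removes both the trailing-bytes acceptance and the length-driven assertion in one step. When reviewing a PKCS#1 v1.5 implementation, the presence of a parser that walks the recovered block is the first thing to look for.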

Affected Version(s)

libreswan, all versions from 0 up to and including 5.3
libreswan 5.3.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved

Credit

Yeonghyeon Choi
Duyeong Kim
Andrew Cagney (The Libreswan Team)