strongSwan: Mehrere Schwachstellen ermöglichen Denial of Service und Codeausführung
Multiple vulnerabilities have been identified in strongSwan, an IPSec-based VPN implementation, affecting versions prior to 6. 0. 6. These vulnerabilities can lead to denial of service and code execution. The affected product includes Fedora Linux distributions using strongSwan. There is no CVSS score available for these issues, and no known exploits in the wild have been reported. Patch status is not confirmed from the provided data, and no direct remediation guidance is included.
AI Analysis
Technical Summary
StrongSwan versions before 6.0.6 contain several security vulnerabilities that allow an attacker to cause denial of service conditions or execute arbitrary code. These issues affect the Fedora Linux distribution and other open source deployments of strongSwan. The vulnerabilities are cataloged under multiple CVEs (CVE-2026-35328 through CVE-2026-35334). The advisory is published by the Bundesamt für Sicherheit in der Informationstechnik. No CVSS metrics or detailed technical exploit information are provided in the available data.
Potential Impact
Successful exploitation of these vulnerabilities could result in denial of service or arbitrary code execution on systems running vulnerable versions of strongSwan. This could compromise the confidentiality, integrity, and availability of VPN services relying on strongSwan. No known active exploitation has been reported at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory from the Bundesamt für Sicherheit in der Informationstechnik (WID-SEC-W-2026-1247) for current remediation guidance. Until official patches or updates are available, consider limiting exposure of strongSwan services to untrusted networks and monitor for updates from Fedora and strongSwan maintainers.
strongSwan: Mehrere Schwachstellen ermöglichen Denial of Service und Codeausführung
Description
Multiple vulnerabilities have been identified in strongSwan, an IPSec-based VPN implementation, affecting versions prior to 6. 0. 6. These vulnerabilities can lead to denial of service and code execution. The affected product includes Fedora Linux distributions using strongSwan. There is no CVSS score available for these issues, and no known exploits in the wild have been reported. Patch status is not confirmed from the provided data, and no direct remediation guidance is included.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
StrongSwan versions before 6.0.6 contain several security vulnerabilities that allow an attacker to cause denial of service conditions or execute arbitrary code. These issues affect the Fedora Linux distribution and other open source deployments of strongSwan. The vulnerabilities are cataloged under multiple CVEs (CVE-2026-35328 through CVE-2026-35334). The advisory is published by the Bundesamt für Sicherheit in der Informationstechnik. No CVSS metrics or detailed technical exploit information are provided in the available data.
Potential Impact
Successful exploitation of these vulnerabilities could result in denial of service or arbitrary code execution on systems running vulnerable versions of strongSwan. This could compromise the confidentiality, integrity, and availability of VPN services relying on strongSwan. No known active exploitation has been reported at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory from the Bundesamt für Sicherheit in der Informationstechnik (WID-SEC-W-2026-1247) for current remediation guidance. Until official patches or updates are available, consider limiting exposure of strongSwan services to untrusted networks and monitor for updates from Fedora and strongSwan maintainers.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_base
- Csaf Version
- 2.0
- Publisher
- Bundesamt für Sicherheit in der Informationstechnik
- Advisory Id
- WID-SEC-W-2026-1247
- Cve Count
- 7
- Additional Cves
- ["CVE-2026-35329","CVE-2026-35331","CVE-2026-35332","CVE-2026-35333","CVE-2026-35334","CVE-2026-35330"]
- Cvss Version
- null
Threat ID: 6a18abace29bf47b5028aac0
Added to database: 5/28/2026, 8:55:08 PM
Last enriched: 5/28/2026, 9:21:00 PM
Last updated: 5/28/2026, 9:55:54 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.