Vulnerability Details CVE-2026-12413
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 44.3%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-12413
-
cpe:2.3:a:libreswan:libreswan:4.10
-
cpe:2.3:a:libreswan:libreswan:4.11
-
cpe:2.3:a:libreswan:libreswan:4.12
-
cpe:2.3:a:libreswan:libreswan:4.14
-
cpe:2.3:a:libreswan:libreswan:4.15
-
cpe:2.3:a:libreswan:libreswan:4.6
-
cpe:2.3:a:libreswan:libreswan:4.7
-
cpe:2.3:a:libreswan:libreswan:4.8
-
cpe:2.3:a:libreswan:libreswan:4.9
-
cpe:2.3:a:libreswan:libreswan:4.9-1.el8
-
cpe:2.3:a:libreswan:libreswan:4.9-1.el9