Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-50722

Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 27.3%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2026-50722


Contact Us

Shodan ® - All rights reserved