Blog

Release and vulnerability announcements for strongSwan

strongSwan 6.0.7 Released

We are happy to announce the release of strongSwan 6.0.7, which fixes a vulnerability and comes with several other improvements and fixes.

release6.0.x

Vulnerability in libstrongswan (CVE-2026-47895)

A vulnerability in libstrongswan related to the cloning of certain identities was fixed. A too strict length check can result in a double-free and potentially remote code execution. All strongSwan versions since 4.3.3 are affected.

More information is provided in a separate blog entry.

Enforcing Validity of Pre-Trusted Certificates

When configuring a peer's certificate locally, strongSwan generally trusts this certificate unconditionally, i.e. it's considered pre-trusted. Particularly for self-signed certificates, the validity (notBefore/notAfter dates) was not checked and enforced.

There was one exception. If the certificate is not self-signed, strongSwan tries to build a trust chain to enforce pubkey constraints. And if the issuer certificate was loaded and found, the validity was actually enforced. However, if the issuer certificate was not found, i.e. the trust chain was incomplete, that wasn't the case. This inconsistency has now been resolved and the validity of the last certificate in an incomplete trust chain is enforced.

Similarly, the validity of pre-trusted, self-signed certificates is now enforced as well.

Other Notable Features and Fixes

  • VICI's list-conn event now includes the IKE and IPsec proposals. A numbered (zero-based) section for each proposal contains lists of algorithm identifiers for each transform type that's found in the proposal. As proposals can be quite extensive, the swanctl --list-conns command currently doesn't print them to keep the output compact, but --raw may be used to see them.
  • The swanctl --list-conns command now accepts an --ike option to filter connections by name (the underlying VICI command always supported that).
  • charon-cmd does not default to IPv4 anymore and allows configuring the local endpoint via --host-local option.
  • Enable mixed-family IPComp configs with Linux kernel 6.3 and newer.
  • Fixed the key derivation if an IKE SA is reset after IKE_INTERMEDIATE retransmits. This previously caused the encryption to fail during the next attempt.
  • Fixed error handling if an IKE_INTERMEDIATE request doesn't contain a KE payload.
  • Fixed compatibility of the openssl plugin with OpenSSL 4.
  • Fixed a potential OOB read on the stack in the dhcp plugin when reading DHCP messages.
  • Fixed a potential client-side OOB read in the eap-aka plugin if AT_RAND is too short.
  • Fixed a potential NULL-pointer dereference in the pkcs7 plugin after verifying signed attributes.
  • Fixed a potential command injection when generating SWID tags in non-recommended configs.
  • Fixed setting IPv6 addresses on TUN devices on Linux, although this is currently not used.
  • Properly enable (or rather disable) the --with-plugins-packaged-separately option that was added with 6.0.5.

Download Complete Changelog