Vendor

StrongSwan

4 briefs RSS

strongSwan 5.9.13 Denial-of-Service Vulnerability (CVE-2026-35333)

A denial-of-service vulnerability exists in strongSwan version 5.9.13 due to a flaw in the eap-radius plugin when built with DAE enabled, allowing remote attackers to exhaust worker threads by sending a crafted RADIUS Access-Request (CVE-2026-35333).

strongSwan <= 5.9.13 denial-of-service radius strongswan CVE-2026-35333

2r 1t 3w ago

critical advisory

strongSwan 5.9.13 libsimaka EAP-SIM/AKA Heap Buffer Overflow Vulnerability

2 rules 1 TTP

A remote exploit is available for strongSwan 5.9.13 exploiting a heap buffer overflow in the libsimaka EAP-SIM/AKA module (CVE-2026-35330), enabling pre-authentication exploitation via a malformed EAP-SIM/AKA payload.

strongSwan <= 5.9.13 strongSwan heap-overflow eap-sim eap-aka CVE-2026-35330 exploit

2r 1t 3w ago

high advisory

strongSwan eap-mschapv2 Plugin Vulnerability

2 rules 2 TTPs

A remote, anonymous attacker can exploit a vulnerability in strongSwan's eap-mschapv2 plugin to cause a denial of service condition or possibly execute arbitrary code.

strongSwan vulnerability denial-of-service

2r 2t May 13, 2026

critical advisory

Multiple Vulnerabilities in strongSwan Enable Denial of Service and Code Execution

2 rules 2 TTPs

A remote, anonymous attacker can exploit multiple vulnerabilities in strongSwan to conduct a denial-of-service attack or potentially achieve arbitrary code execution.

strongSwan vpn denial-of-service code-execution

2r 2t May 11, 2026