strongSwan Vulnerability Allows Denial of Service Attack

CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 23rd, 2026
Detected March 24th, 2026

Summary

CERT-Bund has issued a security advisory regarding a vulnerability in strongSwan, a VPN implementation. The vulnerability allows remote attackers to conduct Denial of Service attacks. Affected systems include various Linux distributions and other operating systems.

What changed

This CERT-Bund advisory describes a high-severity vulnerability (CVSS Base Score 7.5) in strongSwan, an IPsec-based VPN implementation. A remote, anonymous attacker can exploit the flaw to cause a Denial of Service (DoS). The advisory lists SUSE Linux, Ubuntu Linux, and Open Source strongSwan versions prior to 6.0.5 as affected, across Linux, UNIX, and Windows operating systems.

Organizations utilizing strongSwan should immediately review their configurations and apply available mitigations or update to patched versions if available. While this is a notice and not a rule, failure to address such vulnerabilities can lead to significant operational disruption and potential security breaches. Specific mitigation details are referenced but not provided in this summary. The advisory was published on March 23, 2026, with a temporal score update on March 24, 2026.

What to do next

  1. Review strongSwan configurations for affected versions.
  2. Apply available mitigations or update to patched versions of strongSwan.
  3. Monitor for further security updates and advisories related to strongSwan.

Source document (simplified)

[WID-SEC-2026-0825] strongSwan: Vulnerability allows Denial of Service

  • CVSS Base Score: 7.5 (high)
  • CVSS Temporal Score: 6.5 (medium)
  • Remote attack: yes
  • Date: 23.03.2026
  • Last updated: 24.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • Other
  • UNIX
  • Windows

Product description

strongSwan is an IPsec-based VPN implementation.

Products

23.03.2026

  • SUSE Linux
  • Ubuntu Linux
  • Open Source strongSwan <6.0.5

Attack

A remote, anonymous attacker can exploit a vulnerability in strongSwan to carry out a Denial of Service attack.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 23rd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0825

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
VPN Implementation, Network Security
Geographic scope
Germany (DE)

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
VPNs, Network Security
