Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-50722— IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload

CVSS 8.1 · High EPSS 0.33% · P25

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 2

VendorProductVersion RangeStatus
The Libreswan Projectlibreswan≤ 5.3affected
5.3.1unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-50722

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload
Source: NVD (National Vulnerability Database)
Vulnerability Description
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
密码学签名的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
libreswan 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Libreswan是Libreswan团队开源的一个IPsec实现。 libreswan 5.3及之前版本存在加密问题漏洞,该漏洞源于函数RSA_authenticate_hash_signature_pkcs1_1_5_rsa()未能正确验证IKEv2 AUTH载荷中ASN.1摘要的DER编码,导致远程攻击者可通过Bleichenbacher攻击变种伪造AUTH载荷,导致身份冒充;同时,通过编码较短的哈希可触发断言导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
The Libreswan Projectlibreswan 0 ~ 5.3 -

II. Public POCs for CVE-2026-50722

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-50722

登录查看更多情报信息。

Vendor Advisories for CVE-2026-50722 (3)

Same Patch Batch · The Libreswan Project · 2026-07-02 · 3 CVEs total

CVE-2026-507218.1 HIGHIKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload
CVE-2026-124137.5 HIGHIKEv2 Denial of Service via malformed fragmentation

IV. Related Vulnerabilities

V. Comments for CVE-2026-50722

No comments yet


Leave a comment