Blog

Release and vulnerability announcements for strongSwan

strongSwan Vulnerability (CVE-2026-25075)

A vulnerability in the eap-ttls plugin related to processing EAP-TTLS AVPs was discovered in strongSwan that can result in resource exhaustion or a crash. All versions since 4.5.0 are affected.

security fix6.0.x5.9.x5.8.x5.7.x5.6.x5.5.x5.4.x5.3.x5.2.x5.1.x5.0.x4.x

strongSwan 6.0.5 Released

We are happy to announce the release of strongSwan 6.0.5, which fixes a vulnerability in the eap-ttls plugin, supports forwarding certain ICMP errors that don't match the negotiated traffic selectors and comes with several other improvements and fixes.

release6.0.x
Archive
2026 2
2025 6
2024 3
2023 7
2022 7
2021 5
2020 4
2019 3
2018 10
2017 7
2016 3
2015 11
2014 6
2013 8
2012 6
Tags
release 59
security fix 29
5.0.x 26
5.9.x 25
5.1.x 23
5.3.x 22
5.2.x 19
4.x 18
5.5.x 17
5.6.x 16
5.4.x 14
5.8.x 13