A critical vulnerability (CVE-2026-47895) has been identified in the strongSwan VPN software. A memory management flaw in the libstrongswan component allows unauthenticated attackers to execute code remotely. The issue affects all versions since 4.3.3: the component improperly handles cloned identities, which can trigger a double free and potentially lead to remote code execution.
Systems are unaffected only if their malloc() implementation returns NULL for zero-length allocations, or if they do not use EAP or XAuth. To mitigate the risk, administrators are advised to update to strongSwan version 6.0.7 or apply the patches provided for older releases.