HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Remote Heap Buffer Overflow in strongSwan 5.9.13 libsimaka Plugin Exposes VPN Services to Pre‑Auth Crash

A pre‑authentication heap‑buffer overflow (CVE‑2026‑35330) in strongSwan ≤ 5.9.13 allows remote attackers to crash or potentially execute code on VPN gateways. The flaw impacts any organization using strongSwan for IPsec, making it a high‑priority TPRM risk.

LiveThreat™ Intelligence · 📅 May 30, 2026· 📰 exploit-db.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
exploit-db.com

Remote Heap Buffer Overflow in strongSwan 5.9.13 libsimaka Plugin Exposes VPN Services to Pre‑Auth Crash

What Happened — A heap‑buffer overflow exists in the libsimaka component of strongSwan ≤ 5.9.13 (CVE‑2026‑35330). The flaw is triggered by a malformed EAP‑SIM/AKA payload sent during the IKE_AUTH exchange, causing an out‑of‑bounds write that leads to a SIGSEGV or, in the worst case, remote code execution before any peer authentication completes.

Why It Matters for TPRM

  • The vulnerability is remote, network‑visible, and can be weaponised without credentials.
  • strongSwan is widely deployed for site‑to‑site and remote‑access VPNs, making many third‑party services susceptible.
  • A successful exploit can disrupt secure communications, expose internal network topology, and potentially allow an attacker to pivot to downstream systems.

Who Is Affected — Telecommunications, cloud‑infrastructure providers, managed‑service providers, and any enterprise that relies on strongSwan for IPsec/VPN connectivity (e.g., FIN_SERV, TECH_SAAS, TELCO).

Recommended Actions

  • Verify whether any third‑party vendors or internal services run strongSwan ≤ 5.9.13 with the eap‑sim or eap‑aka plugins enabled.
  • Apply the upstream patch (commit aa5aaebc33) or upgrade to a version newer than 5.9.13.
  • Conduct penetration testing of VPN endpoints to confirm the fix and monitor for anomalous IKE traffic.

Technical Notes — Attack vector: remote network packet (VULNERABILITY_EXPLOIT). CVE‑2026‑35330. No data exfiltration is described; the primary impact is service disruption and potential code execution. Source: Exploit Database – EDB‑52587

📰 Original Source
https://www.exploit-db.com/exploits/52587

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →