Authorization Bypass in Cesanta Mongoose Product
CVE-2026-5246

6.3MEDIUM

Key Information:

Vendor

Cesanta

Status
Mongoose
Vendor
CVE Published:
2 April 2026

What is CVE-2026-5246?

A vulnerability exists in Cesanta Mongoose versions up to 7.20, specifically within the mg_tls_verify_cert_signature function of the P-384 Public Key Handler. Attackers can exploit this vulnerability remotely to bypass authorization. Although exploiting this flaw is complex and requires sophisticated techniques, the risk is pronounced enough that the vendor has issued a fix. Users are urged to upgrade to version 7.21, which addresses this vulnerability with the patch identified by commit 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1, ensuring enhanced security for their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mongoose 7.0

Mongoose 7.1

Mongoose 7.2

References

https://vuldb.com/vuln/354827
vdb-entrytechnical-description
https://vuldb.com/vuln/354827/cti
signaturepermissions-required
https://vuldb.com/submit/770104
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

the_evilsocket (VulDB User)
VulDB CNA Team
JSON
.