PT-2026-29716 · Cesanta · Mongoose

The_Evilsocket · Published 2026-04-02 · Updated 2026-04-30 · CVE-2026-5246

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cesanta Mongoose versions prior to 7.21

Description

A flaw in the P-384 Public Key Handler component, specifically in the mg_tls_verify_cert_signature() function in mongoose.c, allows remote authorization bypass through manipulation.

Recommendations

Update to version 7.21.

Fix

IDOR

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-5246
JLSEC-2026-371

Affected Products

Mongoose