PT-2026-35157 · Cesanta · Mongoose

Dwbruijn · Published 2026-04-25 · Updated 2026-04-25 · CVE-2026-6986

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cesanta Mongoose versions prior to 7.21

Description

An issue exists in the GCM Authentication Tag Handler within the mg_aes_gcm_decrypt() function of the /src/tls_aes128.c file. This flaw leads to improper verification of cryptographic signatures, which can be exploited remotely. The attack is characterized by high complexity and is considered difficult to execute.

Recommendations

Upgrade to version 7.21.

Weakness Enumeration

Improper Verification of Cryptographic Signature

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2026-6986

Affected Products

Mongoose