Platform: c
Component: mongoose
Fixed in: 7.0.1, 7.1.1, 7.2.1, 7.3.1, 7.4.1, 7.5.1, 7.6.1, 7.7.1, 7.8.1, 7.9.1, 7.10.1, 7.11.1, 7.12.1, 7.13.1, 7.14.1, 7.15.1, 7.16.1, 7.17.1, 7.18.1, 7.19.1, 7.20.1
A heap-based buffer overflow vulnerability has been identified in Cesanta Mongoose versions 7.0 to 7.20. This flaw resides within the mg_tls_recv_cert function of the TLS 1.3 Handler component, potentially allowing remote attackers to exploit it. The vulnerability is now publicly disclosed, and upgrading to version 7.21 is recommended to address the issue.
Successful exploitation of CVE-2026-5244 could allow an attacker to execute arbitrary code on a vulnerable Cesanta Mongoose server. The vulnerability stems from improper handling of the pubkey argument within the mg_tls_recv_cert function, leading to a heap-based buffer overflow when processing TLS certificates. The outcome ranges from a denial-of-service condition to, more critically, remote code execution (RCE). Because the affected component is reachable remotely, the blast radius is significant: any application relying on Mongoose for its web server functionality is potentially impacted. The public disclosure of this vulnerability significantly increases the risk of exploitation.
CVE-2026-5244 was publicly disclosed on 2026-04-02. The vulnerability is considered to have a medium exploitation probability due to the public availability of the vulnerability details and the ease of remote exploitation. No active exploitation campaigns have been publicly reported as of this writing, but the public disclosure increases the likelihood of future attacks. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.08% (23rd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-5244 is to upgrade to Cesanta Mongoose version 7.21 or later, which includes the fix (commit 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1). If an immediate upgrade is not feasible, consider implementing temporary workarounds such as input validation on the TLS certificate data to prevent excessively large or malformed certificates from being processed. While a WAF might offer some protection, it is unlikely to be sufficient against a carefully crafted exploit. Monitor system logs for unusual activity related to TLS connections and certificate processing.
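The defect class described above, an unchecked length while processing TLS certificate data, and the certificate-data validation suggested as a workaround can be illustrated with a bounds-checked walk over a TLS 1.3 Certificate message. This is an added example written for this page, not Mongoose's mg_tls_recv_cert code, and it does not reproduce the actual CVE-2026-5244 bug; the field layout follows RFC 8446 section 4.4.2, while MAX_CERT_LEN and the two sample messages are constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Policy limit for one DER certificate (constructed value for this example). */
#define MAX_CERT_LEN 8192

/* 24-bit big-endian length, as TLS encodes certificate_list and cert_data. */
static uint32_t be24(const uint8_t *p) {
  return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Walk a TLS 1.3 Certificate message body and return the number of
 * CertificateEntry items, or -1 if any length field does not fit the bytes
 * that remain. Every length is checked before it is consumed, so a malformed
 * or oversized entry is rejected before any copy could run past the buffer. */
int parse_tls13_certificate(const uint8_t *buf, size_t len) {
  size_t off = 0;
  if (len < 1) return -1;
  size_t ctx_len = buf[off++];                      /* certificate_request_context<0..255> */
  if (ctx_len > len - off) return -1;
  off += ctx_len;
  if (len - off < 3) return -1;
  uint32_t list_len = be24(buf + off); off += 3;    /* certificate_list<0..2^24-1> */
  if (list_len != len - off) return -1;             /* the list must exactly fill the message */
  int count = 0;
  while (off < len) {
    if (len - off < 3) return -1;
    uint32_t cert_len = be24(buf + off); off += 3;  /* cert_data<1..2^24-1> */
    if (cert_len == 0 || cert_len > MAX_CERT_LEN || cert_len > len - off) return -1;
    off += cert_len;                                /* a real parser would hand cert_data to X.509 here */
    if (len - off < 2) return -1;
    uint16_t ext_len = (uint16_t)((buf[off] << 8) | buf[off + 1]); off += 2; /* extensions<0..2^16-1> */
    if (ext_len > len - off) return -1;
    off += ext_len;
    count++;
  }
  return count;
}

/* Constructed messages: one entry with a 4-byte stand-in for DER, and the same
 * message whose cert_data length claims 65535 bytes that are not there. */
static const uint8_t GOOD_MSG[] = {0x00, 0x00,0x00,0x09, 0x00,0x00,0x04, 0x30,0x02,0x05,0x00, 0x00,0x00};
static const uint8_t BAD_MSG[]  = {0x00, 0x00,0x00,0x09, 0x00,0xff,0xff, 0x30,0x02,0x05,0x00, 0x00,0x00};

int main(void) {
  printf("well-formed message: %d entries\n", parse_tls13_certificate(GOOD_MSG, sizeof GOOD_MSG));
  printf("oversized cert_data: %d\n", parse_tls13_certificate(BAD_MSG, sizeof BAD_MSG));
  return 0;
}
```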
Update the Cesanta Mongoose library to version 7.21 or later. This corrects the heap-based buffer overflow vulnerability in the mg_tls_recv_cert function of the mongoose.c file. The update mitigates the risk of remote code execution.
CVE-2026-5244 is a HIGH severity heap-based buffer overflow vulnerability affecting Cesanta Mongoose versions 7.0 through 7.20. It resides in the TLS 1.3 Handler and allows remote attackers to potentially execute code.
If you are using Cesanta Mongoose versions 7.0 to 7.20, you are potentially affected by this vulnerability. Upgrade to version 7.21 or later to mitigate the risk.
The recommended fix is to upgrade to Cesanta Mongoose version 7.21 or later. This version includes a patch that addresses the buffer overflow vulnerability.
While no active exploitation campaigns have been publicly reported, the vulnerability is publicly disclosed, increasing the risk of future attacks.
Refer to the Cesanta security advisory for detailed information and updates regarding CVE-2026-5244: [https://cesanta.com/security/advisories/](https://cesanta.com/security/advisories/)