Platform: c
Component: mongoose
Fixed in: 7.0.1, 7.1.1, 7.2.1, 7.3.1, 7.4.1, 7.5.1, 7.6.1, 7.7.1, 7.8.1, 7.9.1, 7.10.1, 7.11.1, 7.12.1, 7.13.1, 7.14.1, 7.15.1, 7.16.1, 7.17.1, 7.18.1, 7.19.1, 7.20.1
A stack-based buffer overflow vulnerability has been identified in Cesanta Mongoose versions 7.0 through 7.20. This flaw resides within the handle_mdns_record function of the mongoose.c file, specifically concerning the handling of mDNS records. Successful exploitation could allow an attacker to execute arbitrary code, potentially compromising the affected system. The vulnerability has been patched in version 7.21.
The vulnerability lies in the handle_mdns_record function, which processes mDNS records. An attacker can craft a malicious mDNS record with a specifically designed payload to overflow the buffer on the stack. This overflow can overwrite critical data, potentially leading to arbitrary code execution. Given the public availability of an exploit, the risk of exploitation is elevated. The attack requires a degree of complexity, but the public exploit lowers the barrier to entry. Successful exploitation could grant an attacker complete control over the system running Mongoose.
The vulnerability is publicly known with a proof-of-concept exploit available, increasing the likelihood of exploitation. It was disclosed on 2026-04-02. The CVSS score is 5.6 (MEDIUM). There is no indication of KEV listing or active campaigns at this time.
EPSS: 0.08% (23rd percentile)
The primary mitigation is to upgrade to Cesanta Mongoose version 7.21 or later, which includes the fix (commit 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1). If an immediate upgrade is not feasible, consider implementing input validation on the mDNS record data before processing it within the handle_mdns_record function. While a WAF might provide some protection, it's unlikely to be effective against a carefully crafted mDNS record. Monitor system logs for unusual network activity related to mDNS broadcasts.
Update the Cesanta Mongoose library to version 7.21 or later. This update corrects a stack-based buffer overflow vulnerability in the handle_mdns_record function of the mongoose.c file. The update mitigates the risk of remote code execution.
CVE-2026-5245 is a medium-severity buffer overflow vulnerability in Cesanta Mongoose versions 7.0 to 7.20. It affects the handle_mdns_record function, allowing potential code execution through crafted mDNS records.
You are affected if you are using Cesanta Mongoose versions 7.0 through 7.20. Upgrade to version 7.21 or later to mitigate the vulnerability.
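Mongoose is commonly vendored as a mongoose.c/mongoose.h pair copied into a source tree, where manifest-based dependency scanners may not see it. The following added example (not part of the advisory and not Mongoose project code) finds vendored copies by reading the MG_VERSION macro in mongoose.h and compares it with the affected range stated above. The function names are this example's own, and it assumes the comparison is made on major.minor only.

```python
import re
import sys
from pathlib import Path

# Range taken from the advisory text: 7.0 through 7.20 affected, 7.21 has the fix.
FIRST_AFFECTED = (7, 0)
FIRST_FIXED = (7, 21)

# mongoose.h declares its release as:  #define MG_VERSION "7.14"
# An optional third component is tolerated and ignored (assumption).
_VERSION_RE = re.compile(
    r'^\s*#\s*define\s+MG_VERSION\s+"(\d+)\.(\d+)(?:\.\d+)?"', re.MULTILINE
)


def parse_mg_version(header_text):
    """Return (major, minor) from mongoose.h text, or None if the macro is absent."""
    m = _VERSION_RE.search(header_text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_affected(version):
    """Numeric tuple compare; a plain string compare would rank "7.9" above "7.21"."""
    return FIRST_AFFECTED <= version < FIRST_FIXED


def scan_tree(root):
    """Return [(path, (major, minor), affected)] for every mongoose.h below root."""
    results = []
    for header in sorted(Path(root).rglob("mongoose.h")):
        version = parse_mg_version(header.read_text(errors="replace"))
        if version is not None:  # skip unrelated files that share the name
            results.append((str(header), version, is_affected(version)))
    return results


if __name__ == "__main__":
    hits = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, (major, minor), affected in hits:
        print(f"{'AFFECTED' if affected else 'ok':8}  {major}.{minor}  {path}")
    # Non-zero exit lets a CI job fail when an affected copy is present.
    sys.exit(1 if any(affected for _, _, affected in hits) else 0)
```

Run it against a repository root; the exit status is 1 when any vendored copy falls in the affected range.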
Upgrade to Cesanta Mongoose version 7.21 or later. This version includes a patch that resolves the buffer overflow vulnerability.
A public proof-of-concept exploit is available, indicating a potential for active exploitation. Exercise caution and apply the patch promptly.
Refer to the Cesanta security advisory for detailed information and updates: https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1