Platform: other
Component: mongoose
Fixed in: 7.0.1, 7.1.1, 7.2.1, 7.3.1, 7.4.1, 7.5.1, 7.6.1, 7.7.1, 7.8.1, 7.9.1, 7.10.1, 7.11.1, 7.12.1, 7.13.1, 7.14.1, 7.15.1, 7.16.1, 7.17.1, 7.18.1, 7.19.1, 7.20.1
CVE-2026-5246 is an authorization bypass vulnerability in Cesanta Mongoose versions 7.0 through 7.20. The flaw lies in the P-384 Public Key Handler and can allow an attacker to bypass authentication. Exploitation requires complex manipulation and is considered difficult, but the vulnerability has been publicly disclosed. A fix is available in version 7.21.
The core impact of CVE-2026-5246 is unauthorized access to resources protected by Cesanta Mongoose: an attacker who exploits it could bypass authentication checks and reach sensitive data or functionality within the application. Because the exploit is remote, the blast radius could be significant, potentially covering any network-exposed system running a vulnerable Mongoose version. Although the exploit is described as difficult, public disclosure raises the likelihood of exploitation attempts, particularly if automated tooling is developed. Depending on the application's overall security posture, bypassing authorization controls could lead to complete system compromise.
CVE-2026-5246 has been publicly disclosed, which increases the risk of exploitation. The description indicates the exploit is difficult, but public availability of the details means attackers can analyze the flaw and potentially build automated tooling for it. The vulnerability was published on 2026-04-02. No KEV listing or confirmed exploitation campaigns are currently known, but the public disclosure warrants immediate attention.
Exploit Status
EPSS: 0.06% (19th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5246 is to upgrade Cesanta Mongoose to version 7.21 or later, which contains the fix (commit 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1). If an immediate upgrade is not feasible, tighten input validation and authentication controls within your application to limit the impact of a successful exploit. A WAF or proxy cannot address this code-level vulnerability directly, but it can add a layer of defense by detecting and blocking suspicious requests. After upgrading, confirm the fix by attempting to trigger the previously vulnerable function with malicious input and verifying that authentication is enforced.
Update the Cesanta Mongoose library to version 7.21 or later. This update addresses an authorization bypass vulnerability in the mg_tls_verify_cert_signature function of mongoose.c. The fix is commit 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1.
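Because Mongoose is usually vendored as a single mongoose.c/mongoose.h pair rather than installed as a package, dependency scanners often miss it. The following Python scanner is an added example, not part of this advisory or of the Mongoose project: it walks a source tree, reads the MG_VERSION macro from each mongoose.h it finds (the header defines it as a quoted "major.minor" string, which is an assumption about the header layout), flags any copy in the affected range the advisory gives (7.0 up to but not including 7.21), and notes whether the sibling mongoose.c contains the mg_tls_verify_cert_signature function named above. The sample header and source text at the bottom are constructed placeholders used when no directory is passed.

```python
"""Scan a source tree for vendored copies of Cesanta Mongoose and report
any copy inside the CVE-2026-5246 affected range (7.0 through 7.20,
fixed in 7.21).

Added example, not part of the advisory or of the Mongoose project.
Assumption: mongoose.h defines MG_VERSION as a quoted version string,
e.g. #define MG_VERSION "7.14".
"""
import os
import re
import sys
from typing import Dict, List, Optional, Tuple

AFFECTED_MIN = (7, 0)    # first affected release, per the advisory
FIXED = (7, 21)          # first fixed release, per the advisory
VULN_FUNC = "mg_tls_verify_cert_signature"  # function named in the advisory

_VERSION_RE = re.compile(
    r'^\s*#\s*define\s+MG_VERSION\s+"([0-9]+(?:\.[0-9]+)*)"', re.M
)


def parse_version(header_text: str) -> Optional[Tuple[int, ...]]:
    """Extract MG_VERSION from header text as an int tuple, e.g. (7, 14)."""
    m = _VERSION_RE.search(header_text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: Tuple[int, ...]) -> bool:
    """True when 7.0 <= version < 7.21 (tuple comparison handles 7.20.1 etc.)."""
    return AFFECTED_MIN <= version < FIXED


def classify_text(header_text: str, source_text: str = "") -> Dict[str, object]:
    """Classify one vendored copy from its mongoose.h and optional mongoose.c."""
    version = parse_version(header_text)
    return {
        "version": ".".join(str(p) for p in version) if version else None,
        "affected": version is not None and is_affected(version),
        # Presence of the TLS verifier means the built-in certificate check
        # that the advisory names is compiled into this copy.
        "has_tls_verifier": VULN_FUNC in source_text,
    }


def scan_tree(root: str) -> List[Dict[str, object]]:
    """Walk root and classify every directory holding a mongoose.h."""
    findings: List[Dict[str, object]] = []
    for dirpath, _dirs, files in os.walk(root):
        if "mongoose.h" not in files:
            continue
        with open(os.path.join(dirpath, "mongoose.h"), errors="replace") as f:
            header = f.read()
        source = ""
        if "mongoose.c" in files:
            with open(os.path.join(dirpath, "mongoose.c"), errors="replace") as f:
                source = f.read()
        finding = classify_text(header, source)
        finding["path"] = dirpath
        findings.append(finding)
    return findings


# Constructed sample texts standing in for a vendored copy (not real files).
SAMPLE_HEADER = '#define MG_VERSION "7.14"\n'
SAMPLE_SOURCE = "static bool mg_tls_verify_cert_signature(void) { return false; }\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1])
    else:
        sample = classify_text(SAMPLE_HEADER, SAMPLE_SOURCE)
        sample["path"] = "<constructed sample>"
        results = [sample]
    for r in results:
        status = "AFFECTED (upgrade to 7.21+)" if r["affected"] else "not in affected range"
        print(f"{r['path']}: MG_VERSION={r['version']} {status} "
              f"tls_verifier_present={r['has_tls_verifier']}")
```

Run it as `python scan_mongoose.py /path/to/repo`; with no argument it classifies the constructed sample. A copy reported as affected without the TLS verifier present is still worth upgrading, since the advisory's version range is the authoritative criterion; the function check only tells you whether the affected code path is compiled into that copy.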
CVE-2026-5246 is a MEDIUM severity vulnerability in Cesanta Mongoose versions 7.0-7.20 that allows attackers to bypass authentication controls via manipulation of the P-384 Public Key Handler.
You are affected if you are using Cesanta Mongoose versions 7.0 through 7.20. Upgrade to version 7.21 or later to resolve the issue.
Upgrade to Cesanta Mongoose version 7.21 or later. This version includes a patch (commit 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1) that addresses the vulnerability.
While no confirmed exploitation campaigns are currently known, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the Cesanta security advisory for detailed information and updates regarding CVE-2026-5246.