Known Vulnerabilities for Mongoose by Cesanta
Listed below are 10 of the newest known vulnerabilities associated with "Mongoose" by "Cesanta".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5246 | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the f... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2026-5245 | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2026-5244 | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoos... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2021-26530 | The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB wri... | 9.1 - CRITICAL | 2021-02-08 | 2021-02-12 |
| CVE-2021-26529 | The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to r... | 9.1 - CRITICAL | 2021-02-08 | 2021-02-12 |
| CVE-2021-26528 | The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection r... | 9.1 - CRITICAL | 2021-02-08 | 2021-02-12 |
| CVE-2020-25887 | Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | 8.8 - HIGH | 2023-08-22 | 2023-08-25 |
| CVE-2020-25756 | ** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a la... | 9.8 - CRITICAL | 2020-09-18 | 2023-11-07 |
| CVE-2019-19307 | An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite l... | 9.8 - CRITICAL | 2019-11-26 | 2020-08-24 |
| CVE-2019-13503 | mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. | 7.5 - HIGH | 2019-07-11 | 2023-01-30 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cesanta | Mongoose | 7.1 | All | All | All |
| Application | Cesanta | Mongoose | 7.0 | All | All | All |
| Application | Cesanta | Mongoose | 6.9 | All | All | All |
| Application | Cesanta | Mongoose | 6.8 | All | All | All |
| Application | Cesanta | Mongoose | 6.7 | All | All | All |
| Application | Cesanta | Mongoose | 6.6 | All | All | All |
| Application | Cesanta | Mongoose | 6.5 | All | All | All |
| Application | Cesanta | Mongoose | 6.4 | All | All | All |
| Application | Cesanta | Mongoose | 6.3 | All | All | All |
| Application | Cesanta | Mongoose | 6.2 | All | All | All |
| Application | Cesanta | Mongoose | 6.18 | All | All | All |
| Application | Cesanta | Mongoose | 6.17 | All | All | All |
| Application | Cesanta | Mongoose | 6.16 | All | All | All |
| Application | Cesanta | Mongoose | 6.15 | All | All | All |
| Application | Cesanta | Mongoose | 6.14 | All | All | All |
| Application | Cesanta | Mongoose | 6.13 | All | All | All |
| Application | Cesanta | Mongoose | 6.12 | All | All | All |
| Application | Cesanta | Mongoose | 6.11 | All | All | All |
| Application | Cesanta | Mongoose | 6.10 | All | All | All |
| Application | Cesanta | Mongoose | 6.1 | All | All | All |