Known Vulnerabilities for products from Cesanta
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Cesanta".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6986 json | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt... | Not Provided | 2026-04-25 | 2026-04-29 |
| CVE-2026-6985 json | A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file... | Not Provided | 2026-04-25 | 2026-04-29 |
| CVE-2026-5246 json | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the f... | Not Provided | 2026-04-02 | 2026-04-29 |
| CVE-2026-5245 json | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c... | Not Provided | 2026-04-02 | 2026-04-29 |
| CVE-2026-5244 json | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoos... | Not Provided | 2026-04-02 | 2026-04-29 |
| CVE-2026-2968 json | A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the fi... | Not Provided | 2026-02-23 | 2026-04-29 |
| CVE-2026-2967 json | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src... | Not Provided | 2026-02-23 | 2026-04-29 |
| CVE-2026-2966 json | A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file ... | Not Provided | 2026-02-23 | 2026-04-29 |
| CVE-2023-49551 json | 7.5 - HIGH | 2024-01-02 | 2024-01-05 | |
| CVE-2023-49550 json | 7.5 - HIGH | 2024-01-02 | 2024-01-05 | |
| CVE-2023-43338 json | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This... | 9.8 - CRITICAL | 2023-09-23 | 2023-09-26 |
| CVE-2023-34188 json | The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single atta... | 7.5 - HIGH | 2023-06-23 | 2023-09-06 |
| CVE-2023-30088 json | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs... | 5.5 - MEDIUM | 2023-05-09 | 2023-05-15 |
| CVE-2023-30087 json | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk... | 5.5 - MEDIUM | 2023-05-09 | 2023-05-16 |
| CVE-2023-29571 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead ... | 5.5 - MEDIUM | 2023-04-12 | 2023-04-19 |
| CVE-2023-29570 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability c... | 5.5 - MEDIUM | 2023-04-24 | 2023-04-28 |
| CVE-2023-29569 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerabili... | 5.5 - MEDIUM | 2023-04-14 | 2023-04-19 |
| CVE-2023-2905 json | Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesan... | 8.8 - HIGH | 2023-08-09 | 2023-08-16 |
| CVE-2022-25299 json | This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() ... | 7.5 - HIGH | 2022-02-18 | 2022-02-28 |
| CVE-2021-46556 json | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulne... | 5.5 - MEDIUM | 2022-01-27 | 2022-01-31 |
Known software with vulnerabilities from Cesanta
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cesanta | Mongoose | 3.2 |
| Application | Cesanta | Mongoose Embedded Web Server Library | 3.2 |