EUVD-2026-25661

🗓️ 25 Apr 2026 16:15:13Reported by EUVDType

Remote infinite loop in Cesanta Mongoose up to version 7.20; fixed in 7.21; upgrade recommended.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2026-6985	25 Apr 202616:15	–	attackerkb
CNNVD	Cesanta Mongoose 安全漏洞	25 Apr 202600:00	–	cnnvd
CVE	CVE-2026-6985	25 Apr 202616:15	–	cve
Cvelist	CVE-2026-6985 Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop	25 Apr 202616:15	–	cvelist
Debian CVE	CVE-2026-6985	25 Apr 202616:15	–	debiancve
NVD	CVE-2026-6985	25 Apr 202617:16	–	nvd
OSV	DEBIAN-CVE-2026-6985	25 Apr 202617:16	–	osv
OSV	JLSEC-2026-372	30 Apr 202619:30	–	osv
OSV	UBUNTU-CVE-2026-6985	15 Jun 202600:00	–	osv
Positive Technologies	PT-2026-35156	25 Apr 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "542946c8-f9c0-3a2d-b0e2-504eaae8cea2",
        "vendor": {
          "name": "Cesanta"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "013a6243-6e79-33b4-93b1-5e8ac87cda69",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.12"
      },
      {
        "id": "122ac996-b64a-35b7-b7e1-58461c8dfe38",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.3"
      },
      {
        "id": "1685f901-440b-3dbc-90f8-c465e5132343",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.6"
      },
      {
        "id": "3a415f20-57ac-3847-8166-d3f833c5d327",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.5"
      },
      {
        "id": "53e133e2-b683-3e43-8967-9b71bd639f0e",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.4"
      },
      {
        "id": "621a2c50-1a31-39f2-b3f4-2c33ea89a0cb",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.9"
      },
      {
        "id": "62b3061a-164c-3233-8bf6-928055a6d7db",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.15"
      },
      {
        "id": "655376b2-bc01-3829-8cff-08251828ca4e",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.7"
      },
      {
        "id": "6d2b5bb8-3980-3da8-b064-39eb9f54c37a",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.17"
      },
      {
        "id": "70bea1f9-ddba-378e-99ed-4c543540ee82",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.20"
      },
      {
        "id": "74163af7-d82d-375f-b6c7-e03aee1dc542",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.8"
      },
      {
        "id": "8991b010-5c92-3ac0-825a-b57bd09369bb",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.1"
      },
      {
        "id": "9070e0be-7ece-3fd9-b380-b3e72be41b7d",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.14"
      },
      {
        "id": "942f6a7a-bcc0-3b53-81a0-5066ef321c1e",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.18"
      },
      {
        "id": "a63be1a8-8d49-3eec-8ccf-f554713c3112",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.10"
      },
      {
        "id": "b15a4708-709c-3cf1-8d07-5f5793c5ab8d",
        "product": {
          "name": "Mongoose"
        },
        "product_version": ""
      },
      {
        "id": "b62dcf66-a888-3db8-8f6d-6e39c21731de",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.11"
      },
      {
        "id": "baff0211-352e-3cbf-a8a8-b8daade55309",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.0"
      },
      {
        "id": "be44bea8-7530-3ad8-8779-84fc6876920f",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.13"
      },
      {
        "id": "be5048d6-d527-367d-ab2e-4a0bf5fd72a4",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.16"
      },
      {
        "id": "bf2538ef-df11-3675-b2f1-77bd6ed51927",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.19"
      },
      {
        "id": "f1c9f682-e634-346f-b209-73c6e80fb364",
        "product": {
          "name": "Mongoose"
        },
        "product_version": "7.2"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/359528
vuldb	www.vuldb.com/vuln/359528/cti
vuldb	www.vuldb.com/submit/796230
github	www.github.com/dwBruijn/CVEs/blob/main/Mongoose/TCP_opt_dos.md
github	www.github.com/cesanta/mongoose/releases/tag/7.21

25 Apr 2026 16:15Current

5.5Medium risk

Vulners AI Score5.5

CVSS 46.9

CVSS 25

CVSS 3.15.3

CVSS 35.3

EPSS0.00565