17 matches found
CVE-2026-5244 Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...
DEBIAN-CVE-2026-2967
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...
CVE-2026-24822
Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper src modules. This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1...
EUVD-2025-175617
Malicious code in webdriver-manager-cosmos-mongoose-got npm...
EUVD-2025-124762
Malicious code in mongoose-jovian-perseus-polaris npm...
EUVD-2025-115271
Malicious code in cluster-testcafe-chalk-mongoose npm...
EUVD-2018-12911
Malware in sbrugna...
EUVD-2018-12914
Malware in sbrugna...
PT-2025-4802 · Mongoose · Mongoose
Name of the Vulnerable Software and Affected Versions: Mongoose (affected versions not specified). Description: The Mongoose library is affected by a flaw that exposes millions of downloads to search injection. This issue arises from the improper handling of nested $where filters with populate match...
UBUNTU-CVE-2022-25299
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using the mg_http_upload method may enable attackers to write files to arbitrary locations outside the designated target folder...
Cesanta Mongoose Buffer Error Vulnerability
Mongoose is a C/C++ network library. An out-of-bounds write vulnerability exists in the mg_tls_init function in Cesanta Mongoose 7.0, 6.7-6.18. An attacker can exploit this vulnerability via a connection request to cause an out-of-bounds write after the memory pool is exhausted...
DEBIAN-CVE-2019-13503
mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read...
DEBIAN-CVE-2019-12951
An issue was discovered in Mongoose before 6.15. The parse_mqtt function in mg_mqtt.c has a critical heap-based buffer overflow...
UBUNTU-CVE-2019-12951
An issue was discovered in Mongoose before 6.15. The parse_mqtt function in mg_mqtt.c has a critical heap-based buffer overflow...
Remote code execution
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution...
Malicious Typo-Squatting
mongose is a malicious typo-squatting package. The package uses a name similar to the original library's so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Cesanta Mongoose Embedded Web Server Library and Mongoose OS Memory Misreference Vulnerability
Cesanta Mongoose Embedded Web Server Library and Mongoose OS are both products of the American company Cesanta. The former is a web library for embedded web servers; the latter is an open source operating system for the Internet of Things. A memory misreference exists in the...