CVE-2026-5244
Received Received - Intake
Heap-Based Buffer Overflow in Cesanta Mongoose TLS 1.3 Handler

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.21 mitigates this issue. The name of the patch is 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5244
EUVD
EUVD-2026-18170
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cesanta mongoose From 7.0 (inc) to 7.21 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Cesanta Mongoose versions up to 7.20, specifically in the TLS 1.3 Handler component within the function mg_tls_recv_cert in the mongoose.c file. It involves manipulation of the argument pubkey, which leads to a heap-based buffer overflow. This type of overflow occurs when more data is written to a heap buffer than it can hold, potentially allowing an attacker to overwrite adjacent memory.

The vulnerability can be exploited remotely, meaning an attacker does not need local access to the system to launch an attack. The issue has been publicly disclosed and a patch has been released in version 7.21 to mitigate the problem.

Impact Analysis

The heap-based buffer overflow caused by this vulnerability can lead to several security risks including remote code execution, denial of service, or unauthorized access. Because the overflow occurs in the TLS 1.3 Handler, it may allow attackers to manipulate encrypted communications or crash the service handling TLS connections.

Exploitation of this vulnerability could compromise the confidentiality, integrity, and availability of the affected system or application. Attackers could potentially execute arbitrary code or cause the application to behave unpredictably, leading to system compromise or service disruption.

Detection Guidance

The vulnerability involves a heap-based buffer overflow in the mg_tls_recv_cert function of Cesanta Mongoose up to version 7.20. Detection would typically involve monitoring for unusual or malformed TLS certificate exchanges that could trigger this overflow.

Since the vulnerability is in the TLS 1.3 handler and can be exploited remotely, network monitoring tools could be used to detect suspicious TLS handshake anomalies or malformed certificate data.

However, no specific detection commands or signatures are provided in the available resources.

Mitigation Strategies

The primary and recommended mitigation step is to upgrade Cesanta Mongoose to version 7.21, which includes the patch that fixes this vulnerability.

The patch (commit 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1) introduces multiple security improvements including strict input validation and buffer size checks that prevent the heap-based buffer overflow.

If upgrading immediately is not possible, consider monitoring and restricting remote TLS connections to the affected component to reduce exposure.

Compliance Impact

The vulnerability in Cesanta Mongoose up to version 7.20 involves a heap-based buffer overflow in the TLS 1.3 handler, which can be exploited remotely. Such a vulnerability can potentially lead to unauthorized access, data corruption, or denial of service, which may impact the confidentiality, integrity, and availability of data.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, vulnerabilities that compromise TLS security and allow remote exploitation can undermine the protection of personal or sensitive data. This could lead to non-compliance with regulations that require secure handling and protection of data, such as GDPR's requirements for data security and breach notification, or HIPAA's mandates for safeguarding protected health information.

Upgrading to version 7.21 mitigates the issue, which is advisable to maintain compliance and reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5244. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart