6.3
CVE-2026-5246
- EPSS 0.06%
- Published 02.04.2026 09:45:11
- Last modified 03.04.2026 16:10:52
- Source cna@vuldb.com
A vulnerability was found in Cesanta Mongoose up to 7.20. It affects the function mg_tls_verify_cert_signature in the file mongoose.c of the component P-384 Public Key Handler. Manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature are highly complex, and exploitability is reported to be difficult. The exploit has been publicly disclosed and may be used. Upgrading to version 7.21 addresses this issue. The patch is identified as 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Linked by AI from unstructured data to existing NVD CPEs.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Cesanta
Product: Mongoose

| Version | Status |
|---|---|
| 7.0 | affected |
| 7.1 | affected |
| 7.2 | affected |
| 7.3 | affected |
| 7.4 | affected |
| 7.5 | affected |
| 7.6 | affected |
| 7.7 | affected |
| 7.8 | affected |
| 7.9 | affected |
| 7.10 | affected |
| 7.11 | affected |
| 7.12 | affected |
| 7.13 | affected |
| 7.14 | affected |
| 7.15 | affected |
| 7.16 | affected |
| 7.17 | affected |
| 7.18 | affected |
| 7.19 | affected |
| 7.20 | affected |
| 7.21 | unaffected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.186 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 5.6 | 2.2 | 3.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
| cna@vuldb.com | 6.3 | 0 | 0 | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| cna@vuldb.com | 5.1 | 4.9 | 6.4 | AV:N/AC:H/Au:N/C:P/I:P/A:P |

CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.