CVE-2026-11404 | Cesanta Mongoose up to 7.21 TLS Server mg_tls_server_recv_hello session_id_len out-of-bounds

SecurityVulns

A vulnerability, which was classified as critical, has been found in Cesanta Mongoose up to 7.21. Impacted is the function mg_tls_server_recv_hello of the component TLS Server. Performing a manipulation of the argument session_id_len results in out-of-bounds read.

This vulnerability is reported as CVE-2026-11404. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More