CVE-2026-5246 | Cesanta Mongoose up to 7.20 P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorization

A vulnerability labeled as critical has been found in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass.

This vulnerability is handled as CVE-2026-5246. The attack can be executed remotely. Additionally, an exploit exists.

The affected component should be upgraded.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.VulDB Recent EntriesRead More