mongoose — Vulnerabilities & Security Advisories (19)

All 19 CVE vulnerabilities found in mongoose, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for the Mongoose embedded web server product, focusing on common weaknesses identified in open-source software libraries. It compiles a comprehensive list of security flaws, ranging from buffer overflows and memory corruption issues to insecure default configurations and improper input validation errors. The dataset covers vulnerabilities reported and published between 2015 and the present, ensuring that historical incidents alongside recent discoveries are readily accessible for security analysts and developers. By reviewing this collection, users can effectively track vendor advisories related to Mongoose to stay informed about ongoing security patches and mitigation strategies. Additionally, the page facilitates a deeper understanding of specific weakness classes, allowing practitioners to analyze patterns in how coding errors manifest in embedded web environments. Users can also look up the product’s vulnerability history to assess risk exposure over time, aiding in informed decision-making for software updates and architecture reviews. This aggregated view serves as a practical tool for maintaining the security posture of systems relying on Mongoose, emphasizing transparency and proactive threat management without requiring deep technical expertise in every individual case. The information is structured to help teams prioritize remediation efforts based on severity and availability of fixes.

Vendor: Cesanta

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-42334 | Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection CWE-74 | 7.5 | High | 2026-05-14 |
| CVE-2026-6986 | Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification CWE-347 | 3.7 | Low | 2026-04-25 |
| CVE-2026-6985 | Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop CWE-835 | 5.3 | Medium | 2026-04-25 |
| CVE-2026-5246 | Cesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorization CWE-639 | 5.6 | Medium | 2026-04-02 |
| CVE-2026-5245 | Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow CWE-121 | 5.6 | Medium | 2026-04-02 |
| CVE-2026-5244 | Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow CWE-122 | 7.3 | High | 2026-04-02 |
| CVE-2026-2968 | Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification CWE-347 | 3.7 | Low | 2026-02-23 |
| CVE-2026-2967 | Cesanta Mongoose TCP Sequence Number net_builtin.c getpeer verification of source CWE-940 | 3.7 | Low | 2026-02-23 |
| CVE-2026-2966 | Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values CWE-330 | 3.7 | Low | 2026-02-23 |
| CVE-2025-23061 | Mongoose code injection vulnerability CWE-94 | 9.0 | Critical | 2025-01-15 |
| CVE-2023-2905 | Cesanta Mongoose MQTT Message Parsing Heap Overflow CWE-122 | 9.8 | - | 2023-08-09 |
| CVE-2017-2891 | Cesanta Mongoose security vulnerability | 9.8 | - | 2017-11-07 |
| CVE-2017-2922 | Cesanta Mongoose security vulnerability | 9.8 | - | 2017-11-07 |
| CVE-2017-2921 | Cesanta Mongoose numeric error vulnerability | 9.8 | - | 2017-11-07 |
| CVE-2017-2909 | Cesanta Mongoose security vulnerability | 7.5 | - | 2017-11-07 |
| CVE-2017-2895 | Cesanta Mongoose numeric error vulnerability | 9.1 | - | 2017-11-07 |
| CVE-2017-2894 | Cesanta Mongoose buffer error vulnerability | 9.8 | - | 2017-11-07 |
| CVE-2017-2893 | Cesanta Mongoose security vulnerability | 7.5 | - | 2017-11-07 |
| CVE-2017-2892 | Cesanta Mongoose numeric error vulnerability | 9.8 | - | 2017-11-07 |

All 19 known CVE vulnerabilities affecting mongoose with full Chinese analysis, references, and POCs where available.