cbcvebase.
CVE-2026-6985
published 2026-04-25

CVE-2026-6985: A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the…

PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.56%
42.6th percentile
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 7.21 is able to resolve this issue. Upgrading the affected component is advised. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already.

Affected

22 ranges
VendorProductVersion rangeFixed in
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose
cesantamongoose>= 7.0 < 7.217.21

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.05.5MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.