CVE-2026-6986
published 2026-04-25


Priority: P4 | 17 | low | 3.7 (CVSS 3.1)
Vector: AV:N / AC:H / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.22% (12.1th percentile)

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Manipulation leads to improper verification of a cryptographic signature. The attack may be performed remotely. The attack has a high complexity level, and exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.21 addresses this issue, and upgrading the affected component is advisable. VulDB contacted the vendor early, and they quickly confirmed that this issue had already been fixed.

Affected

22 ranges
Vendor    Product    Version range     Fixed in
cesanta   mongoose   >= 7.0 < 7.21     7.21

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      3.7     LOW        CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd             v4.0      2.9     LOW        CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd             v2.0      2.6     LOW        AV:N/AC:H/Au:N/C:N/I:P/A:N
vendor_redhat             3.7     LOW