CVE-2026-6986
Published 2026-04-25
Priority P4 · 17 · low · 3.7 (CVSS 3.1)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS score 0.22% (percentile 12.1)
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. The manipulation leads to improper verification of a cryptographic signature. The attack may be performed remotely. A high complexity level is associated with this attack, and exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.21 addresses this issue; it is advisable to upgrade the affected component. VulDB contacted the vendor early, and they quickly confirmed that this issue had already been fixed.
Affected
Of the 22 affected ranges listed, only one carries version data:
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cesanta | mongoose | >= 7.0 < 7.21 | 7.21 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v4.0 | 2.9 | LOW | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 3.7 | LOW | — |
Red Hat
mongoose: Mongoose: Improper cryptographic signature verification
Source: vendor_redhat · 2026-04-25 · CVSS 3.7 · severity LOW · CWE-347
A flaw was found in Cesanta Mongoose.
GHSA
GHSA-p5j9-fjff-qrmr: A security vulnerability has been detected in Cesanta Mongoose up to 7
Source: ghsa_unreviewed · 2026-04-25 · severity MEDIUM · CWE-345
VulDB
Cesanta Mongoose up to 7.20 GCM Authentication Tag /src/tls_aes128.c mg_aes_gcm_decrypt signature verification
Source: vuldb · 2026-04-24 · CVSS 6.3 · severity MEDIUM
A vulnerability categorized as problematic has been discovered in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. The manipulation leads to improper verification of a cryptographic signature.
This vulnerability is listed as CVE-2026-6986. The attack may be performed remotely. In addition, an exploit is available.
It is advisable to upgrade the affected component.
VulDB contacted the vendor early, and they quickly confirmed that this issue had already been fixed.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-6986 flmsg: Mongoose: Improper cryptographic signature verification [fedora-all]
Source: bugzilla · 2026-04-29 · CVSS 6.3 · severity MEDIUM
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-6986 smplayer: Mongoose: Improper cryptographic signature verification [fedora-all]
Source: bugzilla · 2026-04-29 · CVSS 6.3 · severity MEDIUM
Bugzilla
CVE-2026-6986 mongoose: Mongoose: Improper cryptographic signature verification [fedora-all]
Source: bugzilla · 2026-04-29 · CVSS 6.3 · severity MEDIUM
Bugzilla
CVE-2026-6986 smplayer: Mongoose: Improper cryptographic signature verification [epel-all]
Source: bugzilla · 2026-04-29 · CVSS 6.3 · severity MEDIUM
Bugzilla
CVE-2026-6986 mongoose: Mongoose: Improper cryptographic signature verification
Source: bugzilla · 2026-04-25 · CVSS 6.3 · severity MEDIUM