Mongoose: Preauth RCE and MTLS Bypass on Devices (opens in new tab)

(evilsocket.net)

2 pointsevilsocket1mo ago1 comments

1 comments

Mongoose network library <= 7.20

CVE-2026-5244 - mg_tls_recv_cert pubkey heap-based overflow (exploitable), CVE-2026-5245 - mDNS Record stack-based overflow (exploitable), CVE-2026-5246 - authorization bypass via P-384 Public Key (trivially exploitable)

Fun ride.

j / k navigate · click thread line to collapse

1 comments

evilsocketOP1mo ago

Mongoose network library <= 7.20

Fun ride.

j / k navigate · click thread line to collapse