Which versions of Cesanta Mongoose are affected by CVE-2026-2966?

CVE-2026-2966 is a low-severity vulnerability in Cesanta Mongoose (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…

Is there a public PoC exploit available for CVE-2026-2966?

Yes, a public proof-of-concept exploit is available for CVE-2026-2966. Prioritise patching immediately. EPSS: 0.1%.

Cesanta Mongoose CVE-2026-2966

Q: What is the CVSS score of CVE-2026-2966?

CVE-2026-2966 has a CVSS 4.0 base score of 2.9 (Low). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

LOW

Cryptographic Issues (CWE-310)

2026-02-23 cna@vuldb.com

Information Disclosure

2.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.7 (LOW) 2.9 (LOW)

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 23, 2026 - 20:18 vuln.today

Public exploit code

CVE Published

Feb 23, 2026 - 03:15 nvd

LOW 3.7

DescriptionNVD

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. …

RemediationAI

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-2966 vulnerability details – vuln.today

Back