Skip to main content

Cesanta Mongoose CVE-2026-6986

| EUVDEUVD-2026-25662 LOW
Improper Verification of Cryptographic Signature (CWE-347)
2026-04-25 VulDB
2.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.9 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

10
PoC Detected
Apr 29, 2026 - 19:00 vuln.today
Public exploit code
Severity Changed
Apr 29, 2026 - 01:12 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.3 (MEDIUM) 2.9 (LOW)
Severity Changed
Apr 25, 2026 - 17:22 NVD
LOW MEDIUM
CVSS changed
Apr 25, 2026 - 17:22 NVD
3.7 (LOW) 6.3 (MEDIUM)
Analysis Generated
Apr 25, 2026 - 17:15 vuln.today
EUVD ID Assigned
Apr 25, 2026 - 17:00 euvd
EUVD-2026-25662
Analysis Generated
Apr 25, 2026 - 17:00 vuln.today
Patch released
Apr 25, 2026 - 17:00 nvd
Patch available
CVE Published
Apr 25, 2026 - 16:30 nvd
LOW 2.9

DescriptionCVE.org

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.21 is capable of addressing this issue. It is advisable to upgrade the affected component. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already.

AnalysisAI

Improper verification of cryptographic signatures in Cesanta Mongoose versions up to 7.20 allows remote attackers to bypass GCM authentication tag validation in the mg_aes_gcm_decrypt function. The vulnerability has high attack complexity and requires no user interaction, but provides only integrity impact (not confidentiality or availability). Publicly available exploit code exists, and vendor has released patched version 7.21.

Technical ContextAI

The vulnerability resides in the GCM (Galois/Counter Mode) Authentication Tag Handler within the AES-128 cryptographic implementation (file src/tls_aes128.c). GCM mode provides both confidentiality and authenticity guarantees through authenticated encryption. The root cause (CWE-347: Improper Verification of Cryptographic Signature) indicates that the mg_aes_gcm_decrypt function fails to properly validate the authentication tag, which is the 16-byte cryptographic proof that ciphertext has not been tampered with. This allows an attacker to submit forged or modified ciphertext that decrypts successfully without detection of tampering, breaking the authenticity guarantee that GCM is supposed to provide. The high attack complexity reflects that crafting valid forged messages requires cryptographic sophistication or reverse-engineering the implementation.

RemediationAI

Immediately upgrade Cesanta Mongoose to version 7.21 or later, which includes the fix for improper GCM authentication tag verification. The patch is officially released by the vendor at https://github.com/cesanta/mongoose/releases/tag/7.21. If immediate upgrade is not possible, disable GCM-based encryption in Mongoose configuration and use only authenticated encryption modes where the authentication tag validation is independently verified. However, this workaround reduces cryptographic robustness and is not recommended as a long-term solution. Review any messages encrypted with Mongoose 7.20 or earlier using GCM mode for potential tampering, especially authentication tokens (JWT) and critical integrity-sensitive payloads, as attackers may have forged authenticated ciphertexts.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2026-6986 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy