CVE-2026-5244
Published: 02 April 2026
Summary
CVE-2026-5244 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and patching of flaws like the heap buffer overflow in Mongoose TLS 1.3 handler, directly mitigated by upgrading to version 7.21.
Mandates validation of information inputs such as the pubkey argument in mg_tls_recv_cert to prevent heap-based buffer overflows from malformed TLS certificate data.
Enforces memory protection mechanisms like bounds checking and heap isolation to block exploitation of the buffer overflow vulnerability even if unpatched.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The remote heap-based buffer overflow in the TLS 1.3 handler of the Mongoose networking library (triggered via crafted pubkey in mg_tls_recv_cert) directly enables unauthenticated remote exploitation of public-facing applications, matching T1190 with no user interaction required.
NVD Description
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may…
more
be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.21 mitigates this issue. The name of the patch is 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Deeper analysisAI
CVE-2026-5244 is a heap-based buffer overflow vulnerability in Cesanta Mongoose versions up to 7.20, specifically affecting the mg_tls_recv_cert function in the file mongoose.c within the TLS 1.3 Handler component. The flaw is triggered by manipulation of the pubkey argument, as classified under CWE-119 and CWE-122.
The vulnerability enables remote exploitation by unauthenticated attackers with low attack complexity and no user interaction, per its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful attacks can result in limited impacts to confidentiality, integrity, and availability, and a public exploit has been disclosed for potential use.
Advisories recommend upgrading to Cesanta Mongoose version 7.21, which incorporates the fixing commit 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1 available on the project's GitHub repository. The vendor was contacted early, responded professionally, and promptly released the patched version.
Details
- CWE(s)