
Cesanta Mongoose 7.20 TCP Sequence Number Handler Remote Verification Bypass

CVE-2026-2967
Summary

A security issue in Cesanta Mongoose 7.20 allows a remote attacker to communicate with your server without the source of the connection being properly verified, potentially allowing malicious activity. This affects servers using Cesanta Mongoose 7.20. To protect your server, update to a newer version of Cesanta Mongoose as soon as possible.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor  | Product  | Affected versions | Fix available
cesanta | mongoose | <= 7.20           | –
Original title
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipul...
Original description
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 2.6
NVD CVSS 3.1: 3.7
NVD CVSS 4.0: 6.3
Vulnerability type
CWE-940
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026