❌

Normal view

Received — 2 April 2026 ⏭ Security

/r/netsec - Information Security News & Discussion
Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices 2 April 2026 at 13:35

Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices

/r/netsec - Information Security News & Discussion

By: /u/evilsocket

2 April 2026 at 13:35

Mongoose network library <= 7.20

CVE-2026-5244 - mg_tls_recv_cert pubkey heap-based overflow (exploitable)
CVE-2026-5245 - mDNS Record stack-based overflow (exploitable)
CVE-2026-5246 - authorization bypass via P-384 Public Key (trivially exploitable)

Fun ride.

submitted by /u/evilsocket
[link] [comments]