Mongoose: Preauth RCE and MTLS Bypass on Devices (evilsocket.net) 2 points by evilsocket 3mo ago ↗ HN
[–] evilsocket 3mo ago ↗ Mongoose network library <= 7.20CVE-2026-5244 - mg_tls_recv_cert pubkey heap-based overflow (exploitable), CVE-2026-5245 - mDNS Record stack-based overflow (exploitable), CVE-2026-5246 - authorization bypass via P-384 Public Key (trivially exploitable)Fun ride.
1 comment
[ 4.5 ms ] story [ 19.1 ms ] threadCVE-2026-5244 - mg_tls_recv_cert pubkey heap-based overflow (exploitable), CVE-2026-5245 - mDNS Record stack-based overflow (exploitable), CVE-2026-5246 - authorization bypass via P-384 Public Key (trivially exploitable)
Fun ride.