Vulnerability Description
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cesanta | Mongoose | <= 7.20 |
Related Weaknesses (CWE)
References
- https://github.com/dwBruijn/CVEs/blob/main/Mongoose/tcp_rst.mdExploitThird Party Advisory
- https://github.com/dwBruijn/CVEs/blob/main/Mongoose/tcp_rst.md#pocExploitThird Party Advisory
- https://vuldb.com/?ctiid.347334Permissions RequiredVDB Entry
- https://vuldb.com/?id.347334Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.755450Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-2967?
CVE-2026-2967 is a vulnerability with a CVSS score of 3.7 (LOW). A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulati...
How severe is CVE-2026-2967?
CVE-2026-2967 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2967?
Check the references section above for vendor advisories and patch information. Affected products include: Cesanta Mongoose.