Description
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-23
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Improper cryptographic signature verification leading to authentication bypass
Action: Patch immediately
AI Analysis

Impact

The vulnerability is located in the Poly1305 Authentication Tag Handler function mg_chacha20_poly1305_decrypt within Cesanta Mongoose up to version 7.20. Manipulating the authentication tag causes the function to accept an invalid or forged cryptographic signature as valid, effectively bypassing the authentication mechanism. The flaw is categorized as CWE-345 and CWE-347, indicating improper handling of cryptographic validation that may be exploitable by an attacker to deliver forged data or commands.

Affected Systems

Affected systems include all deployments that incorporate Cesanta Mongoose, specifically version 7.20 and earlier. The flaw impacts any TLS session that relies on the ChaCha20/Poly1305 cipher suite. The CNA list identifies Cesanta:Mongoose as the affected vendor‑product pair and no other operating systems or subcomponents are mentioned.

Risk and Exploitability

Risk and exploitability assessment shows a CVSS score of 6.3, reflecting moderate severity. The EPSS score is below 1%, signaling a low likelihood of widespread exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The attack can be launched remotely by an attacker who can craft an authentication tag with a forged Poly1305 tag, but the exploit is described as difficult, meaning that it requires the ability to generate a valid ChaCha20/Poly1305 payload. Successful exploitation bypasses integrity checks and can lead to unauthorized data processing or command execution within the affected application.

Generated by OpenCVE AI on April 18, 2026 at 11:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cesanta Mongoose to a patched version that resolves the mg_chacha20_poly1305_decrypt verification issue, as documented in Cesanta release notes.
  • If upgrading is not immediately possible, reconfigure TLS to use an alternative cipher suite that does not rely on the faulty Poly1305 handler, such as AES-GCM.
  • Deploy network segmentation and monitor for anomalous TLS handshake failures, applying rate limiting to mitigate potential brute‑force attempts on the authentication tag verification process.

Generated by OpenCVE AI on April 18, 2026 at 11:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 03:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification
First Time appeared Cesanta
Cesanta mongoose
Weaknesses CWE-345
CWE-347
CPEs cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*
Vendors & Products Cesanta
Cesanta mongoose
References
Metrics cvssV2_0

{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Cesanta Mongoose
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T17:26:53.648Z

Reserved: 2026-02-22T07:57:31.932Z

Link: CVE-2026-2968

cve-icon Vulnrichment

Updated: 2026-02-23T17:26:47.270Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-23T04:16:02.283

Modified: 2026-02-23T20:17:23.503

Link: CVE-2026-2968

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T11:15:35Z

Weaknesses