{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6985", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-24T19:12:47.755Z", "datePublished": "2026-04-25T16:15:13.639Z", "dateUpdated": "2026-04-27T12:35:36.821Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-25T16:15:13.639Z"}, "title": "Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-835", "lang": "en", "description": "Infinite Loop"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "Cesanta", "product": "Mongoose", "versions": [{"version": "7.0", "status": "affected"}, {"version": "7.1", "status": "affected"}, {"version": "7.2", "status": "affected"}, {"version": "7.3", "status": "affected"}, {"version": "7.4", "status": "affected"}, {"version": "7.5", "status": "affected"}, {"version": "7.6", "status": "affected"}, {"version": "7.7", "status": "affected"}, {"version": "7.8", "status": "affected"}, {"version": "7.9", "status": "affected"}, {"version": "7.10", "status": "affected"}, {"version": "7.11", "status": "affected"}, {"version": "7.12", "status": "affected"}, {"version": "7.13", "status": "affected"}, {"version": "7.14", "status": "affected"}, {"version": "7.15", "status": "affected"}, {"version": "7.16", "status": "affected"}, {"version": "7.17", "status": "affected"}, {"version": "7.18", "status": "affected"}, {"version": "7.19", "status": "affected"}, {"version": "7.20", "status": "affected"}, {"version": "7.21", "status": "unaffected"}], "cpes": ["cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"], "modules": ["TCP Option Handler"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 7.21 is able to resolve this issue. Upgrading the affected component is advised. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-04-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-24T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-24T21:17:57.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "dwbruijn (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359528", "name": "VDB-359528 | Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359528/cti", "name": "VDB-359528 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/796230", "name": "Submit #796230 | Cesanta Mongoose 7.20 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dwBruijn/CVEs/blob/main/Mongoose/TCP_opt_dos.md", "tags": ["exploit"]}, {"url": "https://github.com/cesanta/mongoose/releases/tag/7.21", "tags": ["patch"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T12:35:19.133011Z", "id": "CVE-2026-6985", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T12:35:36.821Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6985", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T12:35:19.133011Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T12:35:33.405Z"}}], "cna": {"tags": ["x_open-source"], "title": "Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop", "credits": [{"lang": "en", "type": "reporter", "value": "dwbruijn (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*"], "vendor": "Cesanta", "modules": ["TCP Option Handler"], "product": "Mongoose", "versions": [{"status": "affected", "version": "7.0"}, {"status": "affected", "version": "7.1"}, {"status": "affected", "version": "7.2"}, {"status": "affected", "version": "7.3"}, {"status": "affected", "version": "7.4"}, {"status": "affected", "version": "7.5"}, {"status": "affected", "version": "7.6"}, {"status": "affected", "version": "7.7"}, {"status": "affected", "version": "7.8"}, {"status": "affected", "version": "7.9"}, {"status": "affected", "version": "7.10"}, {"status": "affected", "version": "7.11"}, {"status": "affected", "version": "7.12"}, {"status": "affected", "version": "7.13"}, {"status": "affected", "version": "7.14"}, {"status": "affected", "version": "7.15"}, {"status": "affected", "version": "7.16"}, {"status": "affected", "version": "7.17"}, {"status": "affected", "version": "7.18"}, {"status": "affected", "version": "7.19"}, {"status": "affected", "version": "7.20"}, {"status": "unaffected", "version": "7.21"}]}], "timeline": [{"lang": "en", "time": "2026-04-24T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-24T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-24T21:17:57.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359528", "name": "VDB-359528 | Cesanta Mongoose TCP Option net_builtin.c handle_opt infinite loop", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359528/cti", "name": "VDB-359528 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/796230", "name": "Submit #796230 | Cesanta Mongoose 7.20 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dwBruijn/CVEs/blob/main/Mongoose/TCP_opt_dos.md", "tags": ["exploit"]}, {"url": "https://github.com/cesanta/mongoose/releases/tag/7.21", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 7.21 is able to resolve this issue. Upgrading the affected component is advised. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "Infinite Loop"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-25T16:15:13.639Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6985", "state": "PUBLISHED", "dateUpdated": "2026-04-27T12:35:36.821Z", "dateReserved": "2026-04-24T19:12:47.755Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-25T16:15:13.639Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFB6060D-2132-492F-8C8D-CC053CCFBC80", "versionEndExcluding": "7.21", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 7.21 is able to resolve this issue. Upgrading the affected component is advised. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already."}], "id": "CVE-2026-6985", "lastModified": "2026-04-29T19:05:12.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-25T17:16:33.520", "references": [{"source": "cna@vuldb.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/cesanta/mongoose/releases/tag/7.21"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/dwBruijn/CVEs/blob/main/Mongoose/TCP_opt_dos.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/796230"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/359528"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/359528/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-835"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.18"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.19"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.20"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "7.21"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Mongoose", "source": "cna", "vendor": "Cesanta"}, "product": "mongoose", "vendor": "cesanta"}], "analysis": {"en": {"generated_at": "2026-04-28T05:33:48.702359+00:00", "value": {"mitigation_remediation": ["Upgrade the Cesanta Mongoose component to version 7.21 or later to remove the infinite loop bug.", "After the upgrade, restart the service or process that uses the TCP Option Handler to ensure the new code is loaded.", "If an upgrade cannot be performed immediately, consider limiting or blocking TCP option traffic from untrusted sources using firewall or network segmentation until the fix is applied."], "summary": {"action": "Patch", "impact": "Denial of Service via infinite loop"}, "threat_synthesis": {"affected_systems": "Products affected are Cesanta Mongoose, version 7.20 and earlier. The problem was identified in releases up to 7.20. Upgrading to version 7.21 patches the flaw and is the recommended action. No other vendors or products are listed as impacted.", "description_and_impact": "The vulnerability resides in the handle_opt function of the TCP Option Handler within Cesanta Mongoose and is triggered by manipulating the optlen argument. This causes an infinite loop, effectively exhausting CPU or system resources and leading to a denial of service. The flaw is classified under CWE-404 and CWE-835, reflecting improper resource handling and the presence of an infinite loop. The impact is that an attacker can remotely trigger the loop and render the affected component or system unresponsive, potentially affecting availability for users relying on the service.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity, and the EPSS score of below 1% reflects a very low probability of exploitation at any given time. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote; the defect is exposed through network traffic processed by the TCP Option Handler, meaning an attacker does not need local privileges. Although the exploitation code is publicly available, the low EPSS suggests few real\u2010world incidents to date, but the remote nature and denial-of-service impact still warrant remediation."}}}}, "created": "2026-04-27T18:45:11.311166+00:00", "updated": "2026-04-28T05:45:23.291052+00:00", "vendors": ["cesanta", "cesanta$PRODUCT$mongoose"]}