Cesanta Security Vulnerabilities (CVEs)

Track 24 security vulnerabilities affecting Cesanta products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

5 Critical
13 High
5 Medium
1 Low
CVE-2026-2968 3.7

This vulnerability in Cesanta Mongoose allows attackers to bypass cryptographic signature verification in the ChaCha20-Poly1305 decryption function. A...

Feb 23, 2026
CVE-2025-65502 4.3

A null pointer dereference vulnerability in Cesanta Mongoose's add_ca_certs() function allows remote attackers to cause denial of service by triggerin...

Nov 24, 2025
CVE-2025-51495 7.5

An integer overflow vulnerability in Mongoose's WebSocket component (versions 7.5 through 7.17) allows attackers to crash applications via specially c...

Sep 29, 2025
CVE-2024-42390 4.3

This vulnerability in Cesanta Mongoose Web Server v7.14 allows attackers to send specially crafted TLS packets that cause the server to read memory ou...

Nov 18, 2024
CVE-2024-42392 4.0

This vulnerability in Cesanta Mongoose Web Server v7.14 allows attackers to trigger an infinite loop by sending input with unexpected characters. This...

Nov 18, 2024
CVE-2024-42386 8.2

This vulnerability in Cesanta Mongoose Web Server allows attackers to cause a segmentation fault by sending specially crafted TLS packets. It affects ...

Nov 18, 2024
CVE-2024-42388 5.3

This vulnerability in Cesanta Mongoose Web Server allows attackers to send specially crafted TLS packets that cause the server to read memory outside ...

Nov 18, 2024
CVE-2024-42383 4.2

This vulnerability in Cesanta Mongoose Web Server v7.14 allows attackers to write a NULL byte beyond the allocated memory for hostname fields. This co...

Nov 18, 2024
CVE-2024-42384 7.5

An integer overflow vulnerability in Cesanta Mongoose Web Server v7.14 allows attackers to crash the server by sending specially crafted TLS packets. ...

Nov 18, 2024
CVE-2023-49550 7.5

A denial-of-service vulnerability in Cesanta mjs 2.20.0 allows remote attackers to crash applications using this embedded JavaScript engine via a spec...

Jan 2, 2024
CVE-2023-49552 7.5

CVE-2023-49552 is an out-of-bounds write vulnerability in Cesanta mjs 2.20.0's mjs_op_json_stringify function that allows remote attackers to cause de...

Jan 2, 2024
CVE-2023-50044 9.8

CVE-2023-50044 is an out-of-bounds read vulnerability in Cesanta MJS 2.20.0 that occurs when built-in API names appear as substrings in input strings....

Dec 20, 2023
CVE-2021-27425 7.3

CVE-2021-27425 is an integer wrap-around vulnerability in Mongoose-OS's mm_malloc function that can lead to arbitrary memory allocation. This could re...

May 3, 2022
CVE-2022-25299 9.8

CVE-2022-25299 is a path traversal vulnerability in the cesanta/mongoose library's mg_http_upload() function that allows attackers to write files outs...

Feb 18, 2022
CVE-2021-46522 7.8

CVE-2021-46522 is a heap buffer overflow vulnerability in Cesanta MJS JavaScript engine v2.20.0 that allows attackers to execute arbitrary code or cau...

Jan 27, 2022
CVE-2021-46524 7.8

CVE-2021-46524 is a heap buffer overflow vulnerability in Cesanta MJS v2.20.0 that allows attackers to execute arbitrary code or cause denial of servi...

Jan 27, 2022
CVE-2021-46526 7.8

CVE-2021-46526 is a global buffer overflow vulnerability in Cesanta MJS v2.20.0's JSON parsing functionality that allows attackers to execute arbitrar...

Jan 27, 2022
CVE-2021-46509 7.8

CVE-2021-46509 is a stack overflow vulnerability in Cesanta MJS v2.20.0's JSON parsing functionality that allows attackers to execute arbitrary code o...

Jan 27, 2022
CVE-2021-46513 7.8

CVE-2021-46513 is a buffer overflow vulnerability in Cesanta MJS JavaScript engine that allows attackers to execute arbitrary code or cause denial of ...

Jan 27, 2022
CVE-2021-46518 7.8

CVE-2021-46518 is a heap buffer overflow vulnerability in Cesanta MJS JavaScript engine that allows attackers to execute arbitrary code or cause denia...

Jan 27, 2022
CVE-2021-46520 7.8

CVE-2021-46520 is a heap buffer overflow vulnerability in Cesanta MJS JavaScript engine v2.20.0 that allows attackers to execute arbitrary code or cau...

Jan 27, 2022
CVE-2021-31875 9.8

CVE-2021-31875 is an off-by-one heap-based buffer overflow vulnerability in mjs_json_parse function of Cesanta MongooseOS mJS 1.26. A malicious JSON s...

Apr 29, 2021
CVE-2021-26528 9.1

CVE-2021-26528 is a critical out-of-bounds write vulnerability in Cesanta Mongoose HTTP server version 7.0. Attackers can remotely exploit this by sen...

Feb 8, 2021
CVE-2021-26530 9.1

CVE-2021-26530 is a critical out-of-bounds write vulnerability in Cesanta Mongoose HTTPS server when compiled with OpenSSL support. Attackers can remo...

Feb 8, 2021

Why Monitor Cesanta Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 24+ known vulnerabilities affecting Cesanta products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Cesanta packages in under 60 seconds. No agents required - completely agentless scanning that works across Cesanta deployments.

Free vulnerability database: Access detailed information about every Cesanta CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Cesanta CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions