{"id":"CVE-2026-11404","summary":"Cesanta Mongoose before 7.22 Out-of-Bounds Read in MG_TLS_BUILTIN ClientHello Session ID Parsing","details":"Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated attacker can send a single crafted ClientHello with an oversized session id length to read past the receive buffer, crashing any HTTPS, MQTTS, or WSS service built on MG_TLS_BUILTIN.","modified":"2026-07-15T01:49:07.155064125Z","published":"2026-07-09T15:13:40.148Z","database_specific":{"cna_assigner":"VulnCheck","cwe_ids":["CWE-125"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11404.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11404.json"},{"type":"ADVISORY","url":"https://github.com/cesanta/mongoose/releases/tag/7.22"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-11404"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/cesanta-mongoose-out-of-bounds-read-in-mg-tls-builtin-clienthello-session-id-parsing"},{"type":"FIX","url":"https://github.com/cesanta/mongoose/commit/c288ac1f38424ffdd4d2fd5e1893fd4962642db3"},{"type":"PACKAGE","url":"https://github.com/cesanta/mongoose"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cesanta/mongoose","events":[{"introduced":"0"},{"fixed":"beb73a65a99619ff349c59037ea5197f27c7e533"},{"fixed":"c288ac1f38424ffdd4d2fd5e1893fd4962642db3"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"7.22"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["7.22","7.21","7.20","7.19","7.18","7.17","7.16","7.15","7.14","7.13","7.12","7.11","7.8","7.7","7.6","7.5","7.4","7.3","7.2","7.1","7.0","6.18","6.17","6.16","6.15","6.14","6.13","6.12","6.11","6.10","6.9","6.7","6.6","6.5","6.4","6.3","6.2","6.1","6.0","5.6","5.5_20140120","5.5","5.4","5.3","5.2","5.1","5.0","4.1","4.0","3.8","3.7","3.6","3.5","3.4","3.3","3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11404.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}