Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-4qed-ypyn-h7g8
SummaryA vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. Upgrading to version 7.21 is able to address this issue. This patch is called 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Aliases
0
alias CVE-2026-5246
Fixed_packages
0
url pkg:deb/debian/mongoose@0?distro=sid
purl pkg:deb/debian/mongoose@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mongoose@0%3Fdistro=sid
1
url pkg:deb/debian/mongoose@7.21%2Bds-2?distro=sid
purl pkg:deb/debian/mongoose@7.21%2Bds-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mongoose@7.21%252Bds-2%3Fdistro=sid
2
url pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3~bpo12%2B1
purl pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3~bpo12%252B1
3
url pkg:deb/debian/swupdate@2025.12%2Bdfsg-10~bpo13%2B2
purl pkg:deb/debian/swupdate@2025.12%2Bdfsg-10~bpo13%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10~bpo13%252B2
4
url pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie
purl pkg:deb/debian/swupdate@2025.12%2Bdfsg-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2025.12%252Bdfsg-10%3Fdistro=trixie
5
url pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/swupdate@2026.05%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-2%3Fdistro=trixie
6
url pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/swupdate@2026.05%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2026.05%252Bdfsg-3%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/swupdate@2020.11-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/swupdate@2020.11-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3h5r-u3s3-q3cw
1
vulnerability VCID-4qed-ypyn-h7g8
2
vulnerability VCID-5eyj-mkr1-jqbc
3
vulnerability VCID-8k5u-kan2-bfbp
4
vulnerability VCID-a5fa-6njr-dkff
5
vulnerability VCID-cj9v-dzp9-5bh7
6
vulnerability VCID-es9g-3cr2-4uch
7
vulnerability VCID-f75j-a76g-kugg
8
vulnerability VCID-gtby-yxnr-xkek
9
vulnerability VCID-hhe3-54hd-uuf5
10
vulnerability VCID-m2sa-chn1-7uep
11
vulnerability VCID-mxz3-pufp-6kc9
12
vulnerability VCID-n7j2-ujf3-hfb1
13
vulnerability VCID-pwhy-vp1d-dbhs
14
vulnerability VCID-t76j-dv6s-xyes
15
vulnerability VCID-tyce-5v2b-v3d9
16
vulnerability VCID-unah-qwxd-fkhm
17
vulnerability VCID-vna9-pan1-27hj
18
vulnerability VCID-vr12-852j-8ugs
19
vulnerability VCID-wjb8-s5ks-4qek
20
vulnerability VCID-ye6t-yc3z-y7e6
21
vulnerability VCID-yn62-zvfs-hubf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2020.11-2%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/swupdate@2020.11-2%2Bdeb11u1
purl pkg:deb/debian/swupdate@2020.11-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3h5r-u3s3-q3cw
1
vulnerability VCID-4qed-ypyn-h7g8
2
vulnerability VCID-5eyj-mkr1-jqbc
3
vulnerability VCID-8k5u-kan2-bfbp
4
vulnerability VCID-a5fa-6njr-dkff
5
vulnerability VCID-cj9v-dzp9-5bh7
6
vulnerability VCID-es9g-3cr2-4uch
7
vulnerability VCID-f75j-a76g-kugg
8
vulnerability VCID-gtby-yxnr-xkek
9
vulnerability VCID-hhe3-54hd-uuf5
10
vulnerability VCID-m2sa-chn1-7uep
11
vulnerability VCID-mxz3-pufp-6kc9
12
vulnerability VCID-n7j2-ujf3-hfb1
13
vulnerability VCID-pwhy-vp1d-dbhs
14
vulnerability VCID-t76j-dv6s-xyes
15
vulnerability VCID-tyce-5v2b-v3d9
16
vulnerability VCID-unah-qwxd-fkhm
17
vulnerability VCID-vna9-pan1-27hj
18
vulnerability VCID-vr12-852j-8ugs
19
vulnerability VCID-wjb8-s5ks-4qek
20
vulnerability VCID-ye6t-yc3z-y7e6
21
vulnerability VCID-yn62-zvfs-hubf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2020.11-2%252Bdeb11u1
2
url pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3h5r-u3s3-q3cw
1
vulnerability VCID-4qed-ypyn-h7g8
2
vulnerability VCID-5eyj-mkr1-jqbc
3
vulnerability VCID-8k5u-kan2-bfbp
4
vulnerability VCID-a5fa-6njr-dkff
5
vulnerability VCID-cj9v-dzp9-5bh7
6
vulnerability VCID-f75j-a76g-kugg
7
vulnerability VCID-gtby-yxnr-xkek
8
vulnerability VCID-hhe3-54hd-uuf5
9
vulnerability VCID-m2sa-chn1-7uep
10
vulnerability VCID-mxz3-pufp-6kc9
11
vulnerability VCID-pwhy-vp1d-dbhs
12
vulnerability VCID-vr12-852j-8ugs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2
purl pkg:deb/debian/swupdate@2022.12%2Bdfsg-4%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3h5r-u3s3-q3cw
1
vulnerability VCID-4qed-ypyn-h7g8
2
vulnerability VCID-5eyj-mkr1-jqbc
3
vulnerability VCID-8k5u-kan2-bfbp
4
vulnerability VCID-a5fa-6njr-dkff
5
vulnerability VCID-cj9v-dzp9-5bh7
6
vulnerability VCID-f75j-a76g-kugg
7
vulnerability VCID-gtby-yxnr-xkek
8
vulnerability VCID-hhe3-54hd-uuf5
9
vulnerability VCID-m2sa-chn1-7uep
10
vulnerability VCID-mxz3-pufp-6kc9
11
vulnerability VCID-pwhy-vp1d-dbhs
12
vulnerability VCID-vr12-852j-8ugs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2022.12%252Bdfsg-4%252Bdeb12u2
4
url pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3h5r-u3s3-q3cw
1
vulnerability VCID-4qed-ypyn-h7g8
2
vulnerability VCID-5eyj-mkr1-jqbc
3
vulnerability VCID-8k5u-kan2-bfbp
4
vulnerability VCID-a5fa-6njr-dkff
5
vulnerability VCID-cj9v-dzp9-5bh7
6
vulnerability VCID-f75j-a76g-kugg
7
vulnerability VCID-gtby-yxnr-xkek
8
vulnerability VCID-m2sa-chn1-7uep
9
vulnerability VCID-mxz3-pufp-6kc9
10
vulnerability VCID-vr12-852j-8ugs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2%3Fdistro=trixie
5
url pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2
purl pkg:deb/debian/swupdate@2024.12.1%2Bdfsg-3%2Bdeb13u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3h5r-u3s3-q3cw
1
vulnerability VCID-4qed-ypyn-h7g8
2
vulnerability VCID-5eyj-mkr1-jqbc
3
vulnerability VCID-8k5u-kan2-bfbp
4
vulnerability VCID-a5fa-6njr-dkff
5
vulnerability VCID-cj9v-dzp9-5bh7
6
vulnerability VCID-f75j-a76g-kugg
7
vulnerability VCID-gtby-yxnr-xkek
8
vulnerability VCID-m2sa-chn1-7uep
9
vulnerability VCID-mxz3-pufp-6kc9
10
vulnerability VCID-vr12-852j-8ugs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/swupdate@2024.12.1%252Bdfsg-3%252Bdeb13u2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-5246
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08393
published_at 2026-06-05T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08328
published_at 2026-06-08T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08384
published_at 2026-06-07T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.08404
published_at 2026-06-06T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.0876
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-5246
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5246
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5246
2
reference_url https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1
reference_id 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/
url https://github.com/cesanta/mongoose/commit/0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1
3
reference_url https://vuldb.com/vuln/354827
reference_id 354827
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/
url https://vuldb.com/vuln/354827
4
reference_url https://github.com/cesanta/mongoose/releases/tag/7.21
reference_id 7.21
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/
url https://github.com/cesanta/mongoose/releases/tag/7.21
5
reference_url https://vuldb.com/submit/770104
reference_id 770104
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/
url https://vuldb.com/submit/770104
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*
7
reference_url https://vuldb.com/vuln/354827/cti
reference_id cti
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/
url https://vuldb.com/vuln/354827/cti
8
reference_url https://github.com/cesanta/mongoose/
reference_id mongoose
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:06:36Z/
url https://github.com/cesanta/mongoose/
Weaknesses
0
cwe_id 285
name Improper Authorization
description The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1
cwe_id 639
name Authorization Bypass Through User-Controlled Key
description The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Exploits
Severity_range_score5.1 - 6.3
Exploitability0.5
Weighted_severity5.7
Risk_score2.9
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-4qed-ypyn-h7g8