
Mongoose Network Library Critical Vulnerabilities: Preauth RCE and mTLS Bypass
Tags: vulnerability, CVE, RCE, security, Mongoose, mTLS, heap-overflow, stack-overflow, authentication-bypass, network-library, IoT
The post highlights three vulnerabilities in the Mongoose network library version 7.20 and earlier. These include CVE-2026-5244, a heap-based overflow in mg_tls_recv_cert; CVE-2026-5245, a stack-based overflow in mDNS record handling; and CVE-2026-5246, an authorization bypass via P-384 public keys. All vulnerabilities are described as exploitable, with the last noted as trivially exploitable. These security flaws affect millions of devices using the Mongoose network library and pose significant risks including remote code execution and authentication bypass.