CVE-2026-2966 | Cesanta Mongoose up to 7.20 DNS Transaction ID /src/dns.c mg_sendnsreq random random values

A vulnerability was found in Cesanta Mongoose up to 7.20. It has been declared as problematic. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values.

This vulnerability is tracked as CVE-2026-2966. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2966 | Cesanta Mongoose up to 7.20 DNS Transaction ID /src/dns.c mg_sendnsreq random random values

Post correlati

CVE-2024-33305 | SourceCodester Laboratory Management System 1.0 Create User Middle Name cross site scripting

CVE-2024-12947 | Codezips Hospital Management System 1.0 /invo.php dname sql injection

CVE-2024-13112 | WP MediaTagger Plugin up to 4.1.1 on WordPress cross site scripting

CVE-2025-23522 | HM Portfolio Plugin up to 1.1.1 on WordPress cross site scripting