What's the vulnerability?

A stack-based buffer overflow in the Cesanta Mongoose mDNS record handler (handle_mdns_record in mongoose.c) allows remote unauthenticated attackers to execute arbitrary code. The vulnerability exists in v7.20 and earlier and is fixed in v7.21.

Root Cause Analysis

Variant Analysis

Bypass and alternate trigger exploration (if present).

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00126
or pruva-verify CVE-2026-5245
Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1. Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00126/artifacts/repro/reproduction_steps.sh

2. Make executable

chmod +x reproduction_steps.sh

3. Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

Artifacts

repro/rca_report.md 7.3 KB
repro/reproduction_steps.sh 5.3 KB
vuln_variant/rca_report.md 6.7 KB
vuln_variant/reproduction_steps.sh 10.1 KB
coding/proposed_fix.diff 3.9 KB
bundle/ticket.json 4.5 KB
bundle/AGENTS.repro.md 0.8 KB
bundle/ticket.md 4.0 KB
repro/runtime_manifest.json 0.5 KB
repro/validation_verdict.json 1.0 KB
logs/build.log 0.0 KB
logs/test_vuln 618.6 KB
logs/server.log 3.4 KB
logs/exploit.py 0.8 KB
logs/exploit.log 0.3 KB
vuln_variant/variant_manifest.json 2.3 KB
vuln_variant/variant_result.txt 0.9 KB
vuln_variant/runtime_manifest.json 1.5 KB
vuln_variant/source_identity.json 0.7 KB
vuln_variant/patch_analysis.md 3.6 KB
vuln_variant/validation_verdict.json 2.1 KB
vuln_variant/root_cause_equivalence.json 1.5 KB
repro/quick_test.py 0.5 KB
logs/variant_test 619.7 KB
logs/server_variant.log 0.2 KB
logs/server_fixed.log 0.2 KB
logs/test_txt_variant 619.0 KB
logs/build_variant.log 0.0 KB
logs/build_txt_variant.log 0.0 KB
logs/build_fixed.log 0.0 KB
logs/exploit_fixed.log 0.3 KB
logs/exploit_variants.py 1.4 KB
logs/exploit_vuln.log 0.2 KB
logs/server_test.log 3.9 KB
logs/server_vuln.log 0.0 KB
logs/exploit_variant.log 0.3 KB
logs/variant_test_fixed 620.2 KB
logs/exploit_txt.py 1.4 KB
coding/tmp_verify/send_ptr_query.py 0.8 KB
coding/tmp_verify/mdns_verify_harness.c 1.2 KB
coding/tmp_verify/mdns_verify 619.7 KB
coding/logs/fixed_server.log 3.4 KB
coding/logs/fixed_trigger.log 0.0 KB
coding/logs/build_vuln.log 0.0 KB
coding/logs/build_fixed.log 0.0 KB
coding/logs/vuln_trigger.log 0.0 KB
coding/logs/vuln_server.log 3.8 KB
coding/verify_fix.sh 5.1 KB
coding/summary_report.md 2.7 KB