UBUNTU-CVE-2026-2968
- Source
- https://ubuntu.com/security/CVE-2026-2968
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-2968.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-2968
- Upstream
- Published
- 2026-02-23T04:16:00Z
- Modified
- 2026-02-27T09:58:16Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- References
-
- https://ubuntu.com/security/CVE-2026-2968
- https://www.cve.org/CVERecord?id=CVE-2026-2968
- https://github.com/dwBruijn/CVEs/blob/main/Mongoose/ChaCha20Poly1305.md
- https://github.com/dwBruijn/CVEs/blob/main/Mongoose/ChaCha20Poly1305.md#poc
- https://vuldb.com/?ctiid.347335
- https://vuldb.com/?id.347335
- https://vuldb.com/?submit.757091
Affected packages
Ubuntu:22.04:LTS / swupdate
Package
- Name
- swupdate
- Purl
- pkg:deb/ubuntu/swupdate@2021.11-1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2021.11-1",
"binary_name": "libswupdate-dev"
},
{
"binary_version": "2021.11-1",
"binary_name": "libswupdate0.1"
},
{
"binary_version": "2021.11-1",
"binary_name": "lua-swupdate"
},
{
"binary_version": "2021.11-1",
"binary_name": "swupdate"
}
]
}
Ubuntu:24.04:LTS / swupdate
Package
- Name
- swupdate
- Purl
- pkg:deb/ubuntu/swupdate@2023.12.1+dfsg-1ubuntu5?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2023.*
2023.05+dfsg-3
2023.05+dfsg-4
2023.05+dfsg-4build1
2023.05+dfsg-5
2023.12+dfsg-1
2023.12.1+dfsg-1ubuntu1
2023.12.1+dfsg-1ubuntu4
2023.12.1+dfsg-1ubuntu5
Ecosystem specific
{
"binaries": [
{
"binary_version": "2023.12.1+dfsg-1ubuntu5",
"binary_name": "libswupdate-dev"
},
{
"binary_version": "2023.12.1+dfsg-1ubuntu5",
"binary_name": "libswupdate0.1"
},
{
"binary_version": "2023.12.1+dfsg-1ubuntu5",
"binary_name": "lua-swupdate"
},
{
"binary_version": "2023.12.1+dfsg-1ubuntu5",
"binary_name": "swupdate"
},
{
"binary_version": "2023.12.1+dfsg-1ubuntu5",
"binary_name": "swupdate-www"
}
]
}
Ubuntu:25.10 / swupdate
Package
- Name
- swupdate
- Purl
- pkg:deb/ubuntu/swupdate@2025.05+dfsg-2ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2024.*
2024.12.1+dfsg-1build2
2024.12.1+dfsg-2
2024.12.1+dfsg-3
2025.*
2025.05+dfsg-2ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2025.05+dfsg-2ubuntu1",
"binary_name": "libswupdate-dev"
},
{
"binary_version": "2025.05+dfsg-2ubuntu1",
"binary_name": "libswupdate0.1"
},
{
"binary_version": "2025.05+dfsg-2ubuntu1",
"binary_name": "lua-swupdate"
},
{
"binary_version": "2025.05+dfsg-2ubuntu1",
"binary_name": "swupdate"
},
{
"binary_version": "2025.05+dfsg-2ubuntu1",
"binary_name": "swupdate-www"
}
]
}