diff --git a/package/mongoose/0001-Fix-body-length-calculation-in-mg_handle_cgi.patch b/package/mongoose/0001-Fix-body-length-calculation-in-mg_handle_cgi.patch
deleted file mode 100644
index a696042436..0000000000
--- a/package/mongoose/0001-Fix-body-length-calculation-in-mg_handle_cgi.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 9e93f71556f8d5ba62fccec46ee5689e385d6d37 Mon Sep 17 00:00:00 2001
-From: Deomid Ryabkov <rojer@cesanta.com>
-Date: Mon, 13 Aug 2018 15:50:01 +0300
-Subject: [PATCH] Fix body length calculation in mg_handle_cgi
-
-Fixes https://nvd.nist.gov/vuln/detail/CVE-2018-10945
-
-CL: mg: Fix body length calculation in mg_handle_cgi
-
-PUBLISHED_FROM=0c30cf36fdb67c75f6148468701e23d6ee72d953
-
-[Thomas: backported from upstream commit
-f33d3a4e0225d6e009b90193402141025e9ea74d, dropping the changes in
-src/mg_http_cgi.c, because back in 6.7, the initial mongoose sources
-were not in the tree, only the amalgamated version.]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- mongoose.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/mongoose.c b/mongoose.c
-index 7e55896..f5b0177 100644
---- a/mongoose.c
-+++ b/mongoose.c
-@@ -8308,7 +8308,6 @@ MG_INTERNAL void mg_handle_cgi(struct mg_connection *nc, const char *prog,
- 
-   if (mg_start_process(opts->cgi_interpreter, prog, blk.buf, blk.vars, dir,
-                        fds[1]) != 0) {
--    size_t n = nc->recv_mbuf.len - (hm->message.len - hm->body.len);
-     struct mg_connection *cgi_nc =
-         mg_add_sock(nc->mgr, fds[0], mg_cgi_ev_handler);
-     struct mg_http_proto_data *cgi_pd = mg_http_get_proto_data(cgi_nc);
-@@ -8316,8 +8315,8 @@ MG_INTERNAL void mg_handle_cgi(struct mg_connection *nc, const char *prog,
-     cgi_pd->cgi.cgi_nc->user_data = nc;
-     nc->flags |= MG_F_USER_1;
-     /* Push POST data to the CGI */
--    if (n > 0 && n < nc->recv_mbuf.len) {
--      mg_send(cgi_pd->cgi.cgi_nc, hm->body.p, n);
-+    if (hm->body.len > 0) {
-+      mg_send(cgi_pd->cgi.cgi_nc, hm->body.p, hm->body.len);
-     }
-     mbuf_remove(&nc->recv_mbuf, nc->recv_mbuf.len);
-   } else {
--- 
-2.14.4
-
diff --git a/package/mongoose/mongoose.hash b/package/mongoose/mongoose.hash
index 20023382f5..86ebe8efbf 100644
--- a/package/mongoose/mongoose.hash
+++ b/package/mongoose/mongoose.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256	ccc971298db70963d3f13766c3246a3c36ae7e388acfab7ba2180149d9c8c64f  mongoose-6.7.tar.gz
-sha256	24a854f7af0b1b2bb0f3b7734fa5d2cef8c673f298697b86a6067dcdaa18bc88  LICENSE
+sha256	ec7956b8f2845f6c22e19ab38a0c32c9b379087f0038c7db661b34812f225911  mongoose-6.13.tar.gz
+sha256	fdc34eeea97327d75c83492abd34f1a3200c53dec04422ecda8071dc60a36d10  LICENSE
diff --git a/package/mongoose/mongoose.mk b/package/mongoose/mongoose.mk
index e2149e06e8..653c83c7d4 100644
--- a/package/mongoose/mongoose.mk
+++ b/package/mongoose/mongoose.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MONGOOSE_VERSION = 6.7
+MONGOOSE_VERSION = 6.13
 MONGOOSE_SITE = $(call github,cesanta,mongoose,$(MONGOOSE_VERSION))
 MONGOOSE_LICENSE = GPL-2.0
 MONGOOSE_LICENSE_FILES = LICENSE