gogost.go | 2 +- mgm/mode.go | 4 +++- news.texi | 4 ++++
diff --git a/gogost.go b/gogost.go
index 60f8d57a0051b308b215918044bfff285072786de3500971413680425887b128..c1745891cc8a95c5ff2c2e8ce5f60dcb1d9e21b58924a2937cb962525c42d8fb 100644
--- a/gogost.go
+++ b/gogost.go
@@ -1,4 +1,4 @@
 // Pure Go GOST cryptographic functions library.
 package gogost
-const Version = "5.1.1"
+const Version = "5.2.0"
diff --git a/mgm/mode.go b/mgm/mode.go
index 414053de8d37f04295ed697b7968052d5a93c068fba6f8b4c16b34c50486658f..7676252e73d249ab3a82c70ce45af82b2b541c4951bf15ebcbfe59887ebe8a40 100644
--- a/mgm/mode.go
+++ b/mgm/mode.go
@@ -234,7 +234,9 @@
 func (mgm *MGM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
 mgm.validateNonce(nonce)
 mgm.validateSizes(ciphertext, additionalData)
- if uint64(len(ciphertext)-mgm.tagSize) > mgm.maxSize {
+ if len(ciphertext) < mgm.TagSize {
+ return nil, errors.New("ciphertext is too short")
+ }
 if uint64(len(ciphertext)-mgm.TagSize) > mgm.MaxSize {
 panic("ciphertext is too big")
 }
diff --git a/news.texi b/news.texi
index 1699b282e1aa2f647542a9baf829388a30c464da54f490dae1d3ab8f2e11a310..2868a7a6283b4632fc21e13b0007a97c3880c8eee444f8999d1d6feb7151c1b5 100644
--- a/news.texi
+++ b/news.texi
@@ -3,6 +3,10 @@
 @unnumbered News
 @table @strong
+@anchor{Release 5.2.0}
+@item 5.2.0
+ MGM does not panic when short (tagless) message is verified.
+
 @anchor{Release 5.1.1}
 @item 5.1.1
 Tarball uses vendoring, instead of @env{GOPATH} overriding.
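Review bot: In mgm/mode.go, `Open` still panics on an attacker-influenced length right after the new guard: the unchanged `if uint64(len(ciphertext)-mgm.TagSize) > mgm.MaxSize { panic("ciphertext is too big") }` aborts on an oversized message, while the added check returns an error for a short one. Ciphertext passed to an AEAD `Open` is normally untrusted, so the oversize branch should fail the same way, e.g. `return nil, errors.New("ciphertext is too big")`, keeping panics for caller mistakes. The new guard also sits after `mgm.validateSizes(ciphertext, additionalData)`, which is defined outside the hunk, so confirm that helper cannot itself panic on a tagless input before the guard is reached. A package-level error value instead of an inline `errors.New` would let callers match the short-ciphertext case with `errors.Is`; the rest of `Open` lies beyond the hunk.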