14 matches found

Cvelist
added 2026/05/06 3:8 p.m. · 28 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6 CVSS · 0.00017 EPSS
Exploits 0 · References 1
Fedora
added 2026/03/28 1:6 a.m. · 4 views

[SECURITY] Fedora 42 Update: mongo-c-driver-1.30.7-2.fc42

mongo-c-driver is a client library written in C for MongoDB...

3.7 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits 0
Fedora
added 2026/03/28 12:46 a.m. · 6 views

[SECURITY] Fedora 43 Update: mongo-c-driver-1.30.7-2.fc43

mongo-c-driver is a client library written in C for MongoDB...

3.7 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits 0
Fedora
added 2026/03/28 12:19 a.m. · 4 views

[SECURITY] Fedora 44 Update: mongo-c-driver-1.30.7-2.fc44

mongo-c-driver is a client library written in C for MongoDB...

3.7 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits 0
OSV
added 2026/03/27 2:4 p.m. · 2 views

OESA-2026-1745 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB, and libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: A mongoc_bulk_operation_t may read invalid memory if large options a...

6.9 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2026/03/11 4:17 p.m. · 1 views

CVE-2026-20165

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...

6.3 CVSS · 5.8 AI score · 0.00046 EPSS
Exploits 0 · References 2 · Affected Software 2
Github Security Blog
added 2021/04/12 6:51 p.m. · 46 views

mongodb-client-encryption vulnerable to Improper Certificate Validation

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8 CVSS · 6.2 AI score · 0.00125 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2021/04/12 6:51 p.m. · 27 views

GHSA-RJMF-P882-645M mongodb-client-encryption vulnerable to Improper Certificate Validation

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8 CVSS · 6.4 AI score · 0.00125 EPSS
Exploits 0 · References 5
OSV
added 2021/02/25 5:15 p.m. · 23 views

CVE-2021-20327

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8 CVSS · 6.4 AI score
Exploits 0 · References 1
NVD
added 2021/02/25 5:15 p.m. · 10 views

CVE-2021-20327

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8 CVSS · 0.00125 EPSS
Exploits 0 · References 1
CVE
added 2021/02/25 4:25 p.m. · 79 views

CVE-2021-20327

CVE-2021-20327 affects the Node.js mongodb-client-encryption library, specifically version 1.2.0, which does not perform proper validation of the KMS server certificate. This can enable an attacker with privileged network access to perform a MITM and intercept traffic between the Node.js driver a...

6.8 CVSS · 6.2 AI score · 0.00125 EPSS
Exploits 0 · References 1 · Affected Software 1
MongoDB
added 2021/02/25 12:0 a.m. · 60 views

MongoDB Node.js client side field level encryption library may not be validating KMS certificate

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8 CVSS · 6.2 AI score · 0.00125 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2021/02/25 12:0 a.m. · 3 views

PT-2021-13886 · Mongodb · Mongodb-Client-Encryption

Name of the Vulnerable Software and Affected Versions: mongodb-client-encryption module version 1.2.0 Description: The issue arises from the mongodb-client-encryption module's failure to correctly validate the KMS server's certificate. This could allow an attacker with a privileged network positi...

6.8 CVSS · 6.9 AI score · 0.00125 EPSS
Exploits 0 · References 10
OSV
added 2016/10/03 6:59 p.m. · 1 views

UBUNTU-CVE-2016-6494

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files...

5.5 CVSS · 6.4 AI score · 0.00073 EPSS
Exploits 0 · References 4