PT-2026-41790

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions 0.1.0 through 0.8.0 Description Malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and caus...

EUVD-2026-30490

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

Linux Distros Unpatched Vulnerability : CVE-2026-6811

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances whe...

DEBIAN-CVE-2026-6811

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVE-2026-6811

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVE-2026-6811

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVE-2026-6811 PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVE-2026-6811 PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

PT-2026-41131

Name of the Vulnerable Software and Affected Versions MongoDB PHP driver affected versions not specified Description A stack exhaustion issue occurs when processing deeply nested BSON Binary JSON documents. This can lead to application crashes in unusual circumstances, specifically when the BSON...

CVE-2026-44425

ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...

CVE-2026-44425

CVE-2026-44425 affects ShellHub, a centralized SSH gateway. The device list endpoint accepts user-controlled identifiers in the filter name and in the sort_by parameter, passes them as BSON/SQL keys without validation, enabling authenticated users to craft payloads that trigger aggregation/query ...

CVE-2026-8053

MongoDB Server’s time-series collection implementation is affected by an issue in the time-series bucket catalog where an inconsistency in the internal field-name-to-index mapping can cause an out-of-bounds memory write in mongod. The vulnerability requires an authenticated user with database wri...

BIT-MONGODB-2026-6914 MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

PT-2026-39160

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

ShellHub has crash-DoS via field injection in filter and sort-by parameters

Summary The device list endpoint accepts user-controlled identifiers in two places that are passed directly as BSON/SQL keys in the database layer without validation: 1. The name field of each filter property in the base64-encoded filter query parameter. 2. The sortby query parameter. Any...

PT-2026-38315

Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description The device list endpoint accepts user-controlled identifiers that are passed directly as BSON/SQL keys in the database layer without validation. This occurs in the name field of each filter propert...

Astra Linux - уязвимость в mongo-c-driver

The bsonstringappend function in the MongoDB C Driver may be vulnerable to a buffer overflow. In this scenario, the function might attempt to allocate a buffer that is too small, which could lead to memory corruption in the neighboring heap memory. This issue affects versions of libbson prior to...

Astra Linux - уязвимость в mongo-c-driver

The various bsonappend functions in the MongoDB C driver library may be susceptible to buffer overflows when performing operations that could result in a final BSON document exceeding the maximum allowable size INT32MAX, leading to a segmentation fault and potentially causing the application to...

Astra Linux - уязвимость в pymongo

A out-of-bounds read in the ‘bson’ module of PyMongo 4.6.2 or earlier allows for deserialization of malformed BSON data provided by the server, which can trigger an exception that may contain arbitrary application memory...