CVE-2026-9100

The CVE-2026-9100 entry affects the MongoDB C Driver’s legacy GridFS API. The issue arises when reading GridFS metadata with the legacy API, where malformed metadata from the database can trigger a crash (division-by-zero) or an out-of-bounds read that leaks process memory. Reports in connected r...

CVE-2026-9100 Heap memory out of bounds read and crash in C Driver legacy GridFS file reader

The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash via a division-by-zero or silently leak process memo...

Heap memory out of bounds read and crash in C Driver legacy GridFS file reader

The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash via a division-by-zero or silently leak process memo...

CVE-2025-14911

User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container...

MongoDB security vulnerabilities

MongoDB is a document-oriented database management system developed by MongoDB Corporation in the United States. There is a security vulnerability in MongoDB, which stems from insufficient validation of the chunkSize metadata. This vulnerability may lead to a overflow of the boundary container du...

PT-2026-4984

User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container...