CVE-2026-9100 Heap memory out of bounds read and crash in C Driver legacy GridFS file reader

The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash via a division-by-zero or silently leak process memo...

MongoDB C Driver 安全漏洞

The MongoDB C Driver is an open-source client driver library for connecting to and operating MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, which stems from the lack of proper validation of file metadata by the traditional GridFS API. This...

CVE-2026-6811

CVE-2026-6811 affects the MongoDB PHP driver, with a stack exhaustion condition that can cause application crashes when processing deeply nested BSON documents. The issue is triggered in unusual circumstances when the BSON source is not from a MongoDB Server, and it is characterized by high avail...

PT-2026-41131

Name of the Vulnerable Software and Affected Versions MongoDB PHP driver affected versions not specified Description A stack exhaustion issue occurs when processing deeply nested BSON Binary JSON documents. This can lead to application crashes in unusual circumstances, specifically when the BSON...

ROS-20260505-73-0076

A vulnerability in the bsonstringappend function of the libbson library of the MongoDB database management system driver is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service or memory corruption...

Astra Linux - уязвимость в mongo-c-driver

The bsonstringappend function in the MongoDB C Driver may be vulnerable to a buffer overflow. In this scenario, the function might attempt to allocate a buffer that is too small, which could lead to memory corruption in the neighboring heap memory. This issue affects versions of libbson prior to...

CVE-2026-6231

The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

bson_validate may skip validation when processing certain inputs

The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

Linux Distros Unpatched Vulnerability : CVE-2026-6231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data,...

CVE-2026-4359

MongoDB C driver is affected by CVE-2026-4359: a compromised cloud server or MITM can send a malformed HTTP response that causes a crash in applications using the driver. Affected component: the MongoDB C driver’s HTTP response handling. Root cause: malformed HTTP response handling leading to a c...

CVE-2026-4359

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...

Linux Distros Unpatched Vulnerability : CVE-2026-4359

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C...

Permissive List of Allowed Inputs

Overview Affected versions of this package are vulnerable to Permissive List of Allowed Inputs due to incorrect handling of string termination in the GSSAPI standard during authentication on Linux and macOS. An attacker can cause an application crash or leak information by triggering a read...

PT-2026-7457

The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...

MongoDB Go Driver 安全漏洞

The MongoDB Go Driver is an open-source library written in Go language by MongoDB. There is a security vulnerability in the MongoDB Go Driver, which stems from an incorrect assumption in the C wrapper implementation regarding the termination of GSSAPI standard strings. This vulnerability may lead...

SUSE CVE-2021-20329

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...

GHSA-MWCC-7VPP-XMV9 MongoDB driver extension affected by mongoc_bulk_operation_t's read of invalid memory

A mongocbulkoperationt may read invalid memory if large options are passed...

EUVD-2021-2135

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-0437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When calling bsonutf8validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All Mongo...

UBUNTU-CVE-2024-7553

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB...