PT-2026-25938 · Mongodb · Mongodb C Driver
Halil Oktay
·
Published
2026-01-01
·
Updated
2026-03-27
·
CVE-2026-4359
CVSS v3.1
3.7
Low
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
MongoDB C driver (affected versions not specified)
Description
A compromised third-party cloud server or a man-in-the-middle attacker could send a malformed HTTP response, leading to a crash in applications utilizing the MongoDB C driver. The issue involves a heap-buffer-over-read in the
mongoc http send function, specifically due to the use of strstr on a non-null-terminated buffer.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mongodb C Driver