PT-2026-32394 · Mongodb+1 · Mongodb C Driver+1

Published: 2026-04-13 · Updated: 2026-05-05 · CVE-2026-6231

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MongoDB C Driver versions prior to 1.30.5
MongoDB C Driver version 2.0.0
MongoDB C Driver version 2.0.1

Description

The bson_validate() function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. This issue may affect applications that rely on these functions to validate untrusted BSON data before further processing.

Recommendations

Update versions prior to 1.30.5 to version 1.30.5.
At the moment, there is no information about a newer version that contains a fix for version 2.0.0.
At the moment, there is no information about a newer version that contains a fix for version 2.0.1.
As a temporary workaround, consider restricting the use of the bson_validate() function when processing untrusted BSON data.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

BDU:2026-07227
CVE-2026-6231

Affected Products

MongoDB C Driver
Red OS