PT-2026-35956 · Mongodb · Mongodb Server+1

Published

2026-04-29

Updated

2026-05-08

CVE-2026-6914

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MongoDB Server versions 8.2 MongoDB Server versions 8.1 MongoDB Server versions prior to 8.0.21 MongoDB Server versions prior to 7.0.32

Description Computing the MD5 checksum of a malformed BSON (Binary JSON) object under specific conditions may cause loss of availability in the server.

Recommendations Update MongoDB Server 8.0 to version 8.0.21 or later. Update MongoDB Server 7.0 to version 7.0.32 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability for versions 8.1 and 8.2.

Fix

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

BIT-MONGODB-2026-6914

CVE-2026-6914

Affected Products

Mongodb Server

Mongodb

PT-2026-35956 · Mongodb · Mongodb Server+1

CVE-2026-6914

Weakness Enumeration

Related Identifiers

Affected Products

References · 8