PT-2026-7457 · Unknown · Mongodb Go Driver
Published 2026-02-10 · Updated 2026-02-10 · CVE-2026-2303
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
mongo-go-driver (affected versions not specified)
Description
The software contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation has a heap out-of-bounds read issue because of incorrect assumptions about string termination in the GSSAPI standard. GSSAPI buffers are not guaranteed to be null-terminated or have extra padding, which leads to reading one byte past the allocated heap buffer.
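The termination assumption described above, shown as an added C example that is not the driver's code: a string-style read of a length-delimited buffer beside a copy bounded by the buffer's own length. `buffer_desc` is a local stand-in for `gss_buffer_desc` so the example builds without GSSAPI headers, and `len_assuming_nul`, `copy_bounded` and `make_sample` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-in for gss_buffer_desc (RFC 2744): `length` bytes at `value`,
 * with no terminator and no padding promised. Assumption: declared here so
 * the example builds without GSSAPI headers. */
typedef struct {
    size_t length;
    void  *value;
} buffer_desc;

/* Bug class, for contrast only (never called): strlen() scans for a 0 byte,
 * so on an exactly-sized buffer it reads value[length], one past the end. */
size_t len_assuming_nul(const buffer_desc *buf) {
    return strlen((const char *)buf->value);
}

/* Bounded copy: reads exactly buf->length bytes and writes the terminator
 * into memory this function allocated. Caller frees. NULL on bad input. */
char *copy_bounded(const buffer_desc *buf) {
    if (buf == NULL || (buf->length > 0 && buf->value == NULL)) return NULL;
    if (buf->length == SIZE_MAX) return NULL;      /* length + 1 would wrap */
    char *out = malloc(buf->length + 1);
    if (out == NULL) return NULL;
    if (buf->length > 0) memcpy(out, buf->value, buf->length);
    out[buf->length] = '\0';
    return out;
}

/* Constructed sample: a 5-byte heap buffer holding "user@", unterminated. */
buffer_desc make_sample(void) {
    buffer_desc b = { 5, malloc(5) };
    if (b.value != NULL) memcpy(b.value, "user@", 5);
    else b.length = 0;
    return b;
}

int main(void) {
    buffer_desc b = make_sample();
    char *s = copy_bounded(&b);
    if (s != NULL) printf("%zu bytes copied: %s\n", b.length, s);
    free(s);
    free(b.value);
    return 0;
}
```

Building a harness around `len_assuming_nul` with AddressSanitizer (`-fsanitize=address`) reports the one-byte heap over-read on the sample buffer, which makes it a useful regression check for this class of wrapper bug.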
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Heap Based Buffer Overflow
Affected Products
Mongodb Go Driver