Skip to main content

Mongodb C Driver

2 CVEs product

Monthly

CVE-2026-6691 HIGH This Week

Heap buffer overflow in MongoDB C Driver's Cyrus SASL integration allows local attackers to achieve code execution before authentication by providing a maliciously crafted username in a MongoDB URI with GSSAPI authentication. The vulnerability triggers during username canonicalization via unsafe string copying, requiring no privileges or user interaction. Exploitable against any application using the affected driver that processes untrusted MongoDB connection strings. No active exploitation confirmed (not in CISA KEV). EPSS data not provided. Vendor has acknowledged the issue via JIRA tracking (CDRIVER-6134).

Buffer Overflow Mongodb C Driver
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-4359 LOW PATCH Monitor

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.

Denial Of Service Mongodb C Driver
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
EPSS 0% CVSS 8.6
HIGH This Week

Heap buffer overflow in MongoDB C Driver's Cyrus SASL integration allows local attackers to achieve code execution before authentication by providing a maliciously crafted username in a MongoDB URI with GSSAPI authentication. The vulnerability triggers during username canonicalization via unsafe string copying, requiring no privileges or user interaction. Exploitable against any application using the affected driver that processes untrusted MongoDB connection strings. No active exploitation confirmed (not in CISA KEV). EPSS data not provided. Vendor has acknowledged the issue via JIRA tracking (CDRIVER-6134).

Buffer Overflow Mongodb C Driver
NVD
EPSS 0% CVSS 2.0
LOW PATCH Monitor

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.

Denial Of Service Mongodb C Driver
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy