What is CVE-2026-6811?

CVE-2026-6811 is a medium-severity vulnerability in Mongodb Inc. Php Driver, classified under Uncontrolled Recursion. CVSS score: 5.9/10. Published 2026-05-14.

How severe is CVE-2026-6811?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Mongodb Inc. Php Driver

CVE-2026-6811

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

EPSS: 0.000 (3.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Mongodb Inc. Php Driver — versions 1.21.5, 2.1.8

Weakness classification (CWE)

CWE-674 — Uncontrolled Recursion

References

cna@mongodb.com

Frequently asked questions

What is CVE-2026-6811?: CVE-2026-6811 is a medium-severity vulnerability in Mongodb Inc. Php Driver, classified under Uncontrolled Recursion. CVSS score: 5.9/10. Published 2026-05-14.
How severe is CVE-2026-6811?: Medium severity. CVSS v3 base score is 5.9 out of 10.