Integer overflow in Mongodb
CVE-2026-6914
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 ve…
EPSS: 0.001 (22.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Mongodb
- Mongodb Server — versions 8.2.0, 8.1.0, 8.0.0
Weakness classification (CWE)
References
- cna@mongodb.com (Patch, Issue Tracking)
Frequently asked questions
- What is CVE-2026-6914?
- CVE-2026-6914 is a medium-severity vulnerability in Mongodb, classified under Integer Underflow. CVSS score: 6.5/10. Published 2026-04-29.
- How severe is CVE-2026-6914?
- Medium severity. CVSS v3 base score is 6.5 out of 10.