IsItPatchedInstant security status for any software version
← All products

CVE-2015-1609

MEDIUM severity · CVSS 5 · Improper input validation
5CVSS MEDIUM

Summary

MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges required
User interaction
Confidentiality impactNone
Integrity impactNone
Availability impact
Exploit probability (EPSS)2%

AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products we track (1)

MongoDB

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

Last checked: Wed, 10 Jun 2026 22:18:30 UTC