IsItPatchedInstant security status for any software version
← All products

CVE-2026-6914

MEDIUM severity · CVSS 6.5 · CWE-191
6.5CVSS MEDIUM

Summary

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactNone
Integrity impactNone
Availability impactHigh
Exploit probability (EPSS)0%

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products we track (1)

MongoDB

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: https://jira.mongodb.org/browse/SERVER-119981 ↗

Additional information

Last checked: Wed, 10 Jun 2026 22:18:30 UTC