CVE-2026-6914

EPSS 0.04%
Veröffentlicht 29.04.2026 17:16:41
Zuletzt bearbeitet 06.05.2026 20:11:08
Quelle cna@mongodb.com
CVE-Watchlists
Login
Unerledigt
Login

MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server.
This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mongodb ≫ Mongodb SwEdition- Version >= 7.0.0 < 7.0.32

Mongodb ≫ Mongodb SwEdition- Version >= 8.0.0 < 8.0.21

Mongodb ≫ Mongodb SwEdition- Version >= 8.1.0 < 8.2.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.124

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cna@mongodb.com	7.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@mongodb.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://jira.mongodb.org/browse/SERVER-119981

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-6914

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-6914

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-6914

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-6914