Mongodb: >> C Driver >> 1.26.2 Security Vulnerabilities
The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1
CVSS Score
5.3
EPSS Score
0.001
Published
2026-04-13
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
CVSS Score
2.0
EPSS Score
0.0
Published
2026-03-17
A mongoc_bulk_operation_t may read invalid memory if large options are passed.
CVSS Score
6.9
EPSS Score
0.0
Published
2025-11-18