cbcvebase.
CVE-2026-6914
published 2026-04-29

CVE-2026-6914: Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all…

PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.26%
16.7th percentile
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32

Affected

7 ranges
VendorProductVersion rangeFixed in
mongodbmongodb>= 7.0.0 < 7.0.327.0.32
mongodbmongodb>= 8.0.0 < 8.0.218.0.21
mongodbmongodb>= 8.1.0 < 8.2.78.2.7
mongodbmongodb_server>= 7.0.0 < 7.0.327.0.32
mongodbmongodb_server>= 8.0.0 < 8.0.218.0.21
mongodbmongodb_server8.1.0 – 8.1.*
mongodbmongodb_server>= 8.2.0 < 8.2.78.2.7

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.07.1HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.