Mongodb C Driver vulnerabilities
8 known vulnerabilities affecting mongodb/c_driver.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 3, LOW 1
Vulnerabilities
CVE-2026-4359 [LOW] CWE-158 | CVSS 2.0 | fixed in 1.30.8; ≥ 2.2.0, < 2.2.3 | 2026-03-17
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
nvd
CVE-2025-12119 [MEDIUM] CWE-825 | CVSS 6.9 | ≥ 1.9.0, < 1.30.6; ≥ 2.0.0, < 2.1.2; +2 more | 2025-11-18
A mongoc_bulk_operation_t may read invalid memory if large options are passed.
cvelistv5, nvd
CVE-2024-7553 [HIGH] CWE-284 | CVSS 7.8 | fixed in 1.26.2 | 2024-08-07
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 ver
nvd
CVE-2023-0437 [HIGH] CWE-835 | CVSS 7.5 | fixed in 1.25.0 | 2024-01-12
When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to version 1.25.0.
nvd
CVE-2021-32050 [HIGH] CWE-200 | CVSS 7.5 | ≥ 1.0.0, < 1.17.7 | 2023-08-29
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.
Without due care, an application may inadvertently expose this sensitive information, e.g.,
nvd
CVE-2022-48282 [HIGH] CWE-502 | CVSS 7.2 | fixed in 2.19.0 | 2023-02-21
Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0
Following configuration must be t
nvd
CVE-2021-20331 [MEDIUM] CWE-200 | CVSS 4.9 | ≥ 2.12.0, < 2.12.2; v2.11.0 | 2021-05-13
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser", and "updateUser" are executed. Without due care, an
nvd
CVE-2020-12135 [MEDIUM] CWE-190 | CVSS 5.5 | fixed in 0.8 | 2020-04-24
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
nvd