Input Validation Flaw in MongoDB C Driver Potentially Exposing Data
CVE-2026-6231

5.3 MEDIUM

Key Information:

Vendor: MongoDB

Status
Vendor
CVE Published: 13 April 2026

What is CVE-2026-6231?

The bson_validate function in the MongoDB C Driver contains an input validation flaw that leads to improper handling of untrusted BSON data. Malicious actors can supply malformed or invalid UTF-8 sequences that bypass the expected validation checks. As a result, applications that rely on this driver for BSON validation may unknowingly process unauthorized data, potentially exposing them to further security risks. Upgrading to the latest versions is crucial for ensuring proper validation and maintaining data integrity.

Affected Version(s)

C Driver 1.0 < 1.30.5

C Driver 2.0 < 2.0.2

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
