Stack Exhaustion Vulnerability in MongoDB PHP Driver
CVE-2026-6811

6MEDIUM

Key Information:

Vendor: MongoDB
Status: PHP Driver
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-6811?

A vulnerability in the MongoDB PHP driver can lead to stack exhaustion, causing applications to crash when handling deeply nested BSON documents. This issue arises under specific conditions when the BSON documents do not originate from a MongoDB server, making it essential for developers to implement proper validation and error handling to safeguard their applications.

Affected Version(s)

PHP Driver 1.21.5

PHP Driver 2.1.8

References

https://jira.mongodb.org/browse/PHPC-2636

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Apr 21, 2026

CVE-2026-6811 Data

JSON