Malware Mitigation Flaw in MongoDB Server from MongoDB, Inc.
CVE-2026-6914

7.1HIGH

Key Information:

Vendor: Mongodb
Status: Mongodb Server
Vendor: CVE Published:; 29 April 2026

What is CVE-2026-6914?

A vulnerability in MongoDB Server allows for a potential loss of availability when the MD5 checksum is computed on a malformed BSON object under specific conditions. This issue affects various versions of MongoDB Server, including v8.2, v8.1, and earlier versions of v8.0 and v7.0, which further emphasizes the need for immediate attention to mitigate risks associated with database operations.

Affected Version(s)

MongoDB Server 8.2.0 < 8.2.7

MongoDB Server 8.1.0 <= 8.1.*

MongoDB Server 8.0.0 < 8.0.21

References

https://jira.mongodb.org/browse/SERVER-119981

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2026
Vulnerability Reserved
Apr 23, 2026

CVE-2026-6914 Data

JSON

Mongodb

What is CVE-2026-6914?

Affected Version(s)

References

CVSS V4

Timeline