Legacy API Vulnerability in MongoDB C Driver
CVE-2026-9100

6 MEDIUM

Key Information:

CVE Published: 20 May 2026

What is CVE-2026-9100?

The legacy GridFS API in the MongoDB C Driver does not adequately validate file metadata. As a result, crafted documents can be inserted that cause applications to malfunction when they read the affected files. Specifically, applications may crash from division-by-zero errors or silently disclose memory through out-of-bounds reads, exposing internal process data.

Affected Version(s)

C Driver 1.0 < 1.30.8

C Driver 2.0 < 2.2.4

CVSS V4

Score: 6
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
