vulnerability

MongoDB: CVE-2026-6914: Integer Underflow (Wrap or Wraparound)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:N/A:C)	Apr 29, 2026	May 7, 2026	May 7, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

Apr 29, 2026

Added

May 7, 2026

Modified

May 7, 2026

Description

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server.
This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32

Solutions

mongodb-upgrade-latestmongodb-upgrade-7_0_32mongodb-upgrade-8_0_21mongodb-upgrade-8_2_7

References

CVE-2026-6914
https://attackerkb.com/topics/CVE-2026-6914
https://jira.mongodb.org/browse/SERVER-119981
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-26262
CWE-191
EUVD-EUVD-2026-26262

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report