MD5 checksum creation may cause availability loss_CVE-2026-6914

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server.
This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32

Basic Information

ID CVE-2026-6914

Source mongodb

Published Apr 29, 2026 at 16:47

Affected Product

Vendor MongoDB

Product MongoDB Server

Version 8.2.0

Affected Versions MongoDB MongoDB Server 8.2.0
MongoDB MongoDB Server 8.1.0
MongoDB MongoDB Server 8.0.0
MongoDB MongoDB Server 7.0.0

CWE Classification

CWE-191

References

jira.mongodb.org /browse/SERVER-119981

{
    "lastseen": "",
    "description": "Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server.\nThis issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32",
    "published": "2026-04-29T16:47:02.056Z",
    "modified": "2026-04-29T16:47:02.056Z",
    "type": "cve",
    "title": "MD5 checksum creation may cause availability loss",
    "source": "mongodb",
    "references": "https://jira.mongodb.org/browse/SERVER-119981",
    "id": "CVE-2026-6914",
    "bulletinFamily": "",
    "cwe": [
        "CWE-191"
    ],
    "cvelist": null,
    "sourceData": "MongoDB MongoDB Server 8.2.0\nMongoDB MongoDB Server 8.1.0\nMongoDB MongoDB Server 8.0.0\nMongoDB MongoDB Server 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MongoDB Server",
    "version": "8.2.0",
    "vendor": "MongoDB",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}