CVE-2026-6914: CWE-191 Integer underflow (wrap or wraparound) in MongoDB Server
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB Server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, and MongoDB Server v7.0 versions prior to 7.0.32.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-6914) involves an integer underflow (CWE-191) triggered during the computation of an MD5 checksum on a malformed BSON object in MongoDB Server. Affected versions include all 8.1 and 8.2 releases, 8.0 versions prior to 8.0.21, and 7.0 versions prior to 7.0.32. The integer underflow can lead to loss of availability of the MongoDB server, indicating a denial-of-service condition. The CVSS 4.0 base score is 7.1, reflecting a high severity with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on availability. No official remediation or patch is currently documented, and this is not a cloud service vulnerability.
Potential Impact
Successful exploitation of this vulnerability can cause the MongoDB server to become unavailable, resulting in a denial-of-service condition. There is no indication of confidentiality or integrity impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting access to MongoDB servers to trusted users and networks to reduce exposure to malformed BSON objects. Monitor vendor communications for updates on patches or mitigations.
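A version triage for the affected ranges stated above, as an added example that is not part of the original advisory or MongoDB's own tooling. The host names and version strings in `SAMPLE_INVENTORY` are constructed, and treating a hyphenated suffix on the boundary build as still affected is an assumption.

```python
import re

# Affected ranges as stated on this page: (major, minor) -> first patch level
# outside the range, or None when every release of the branch is affected.
AFFECTED = {(8, 2): None, (8, 1): None, (8, 0): 21, (7, 0): 32}

_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "db-a.example.internal": "db version v8.0.20",
    "db-b.example.internal": "8.0.21",
    "db-c.example.internal": "8.0.21-rc0",
    "db-d.example.internal": "7.0.32",
    "db-e.example.internal": "8.2.3",
    "db-f.example.internal": "6.0.19",
    "db-g.example.internal": "unknown",
}


def classify(version_text):
    """Return 'affected', 'not-affected', 'not-listed' or 'unparsed'."""
    m = _VERSION.search(version_text)
    if not m:
        return "unparsed"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    if (major, minor) not in AFFECTED:
        return "not-listed"  # the page makes no statement about this branch
    boundary = AFFECTED[(major, minor)]
    if boundary is None or patch < boundary:
        return "affected"
    # Assumption: a hyphenated suffix marks a pre-release, which sorts before
    # the boundary build itself (8.0.21-rc0 < 8.0.21), so it stays affected.
    if patch == boundary and m.group(4):
        return "affected"
    return "not-affected"


def triage(inventory):
    """Group host names by classification, hosts sorted within each group."""
    groups = {}
    for host in sorted(inventory):
        groups.setdefault(classify(inventory[host]), []).append(host)
    return groups


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `not-listed` run a branch this page says nothing about, so they need a check against the vendor advisory and should not be read as safe.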
Technical Details
- Data Version: 5.2
- Assigner Short Name: mongodb
- Date Reserved: 2026-04-23T14:59:45.727Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69f23e5ccbff5d8610337c4e
Added to database: 4/29/2026, 5:22:36 PM
Last enriched: 4/29/2026, 5:36:20 PM
Last updated: 4/29/2026, 6:46:35 PM