Medium severity6.5NVD Advisory· Published Apr 29, 2026· Updated May 6, 2026

CVE-2026-6914

Description

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32

Affected products

MongoDB/MongoDB
cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*
Range: >=7.0.0,<7.0.32

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jira.mongodb.org/browse/SERVER-119981nvdIssue TrackingPatch

News mentions

Worm rubs out competitor's malware, then takes control
The Register Security · May 8, 2026
The Good, the Bad and the Ugly in Cybersecurity – Week 19
SentinelOne Labs · May 8, 2026
VECT: Ransomware by design, Wiper by accident
Check Point Research · Apr 28, 2026
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
The Register Security · Apr 27, 2026

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000