CVE-2026-6231

MEDIUM

bson_validate may skip validation when processing certain inputs

Title source: cna
STIX 2.1

Description

The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1

References (1)

Core 1
Core References
Issue Tracking issue-tracking
https://jira.mongodb.org/browse/CDRIVER-6017

Scores

CVSS v3 4.3
EPSS 0.0018
EPSS Percentile 8.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (3)
mongodb/c_driver < 1.30.5
MongoDB Inc./C Driver 1.0 - 1.30.5
MongoDB Inc./C Driver 2.0 - 2.0.2
Published Apr 13, 2026
Tracked Since Apr 13, 2026