CVE-2026-6231

MEDIUM

bson_validate may skip validation when processing certain inputs

Title source: cna

Description

The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1

References (1)

[Issue Tracking] https://jira.mongodb.org/browse/CDRIVER-6017

Scores

CVSS v3 4.3

EPSS 0.0005

EPSS Percentile 14.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-20

Status published

Products (2)

MongoDB Inc./C Driver 1.0 - 1.30.5

MongoDB Inc./C Driver 2.0 - 2.0.2

Published Apr 13, 2026

Tracked Since Apr 13, 2026