CVE-2026-6811

MEDIUM

MongoDB PHP Driver 1.21.5-2.1.8 - Denial of Service via Deeply Nested BSON Document Processing

Title source: llm

Description

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

References (1)

Core 1

Core References

https://jira.mongodb.org/browse/PHPC-2636

Scores

CVSS v3 5.9

EPSS 0.0031

EPSS Percentile 22.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-674

Status published

Products (2)

MongoDB Inc./PHP Driver 1.21.5

MongoDB Inc./PHP Driver 2.1.8

Published May 14, 2026

Tracked Since May 15, 2026