Every CVE whose affected-product data names Mongodb C Driver, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2026-6691 — CVSS 7.8 (high): The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer…
CVE-2024-7553 — CVSS 7.3 (high): Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating…
CVE-2020-12135 — CVSS 5.5 (medium): bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the…
CVE-2023-0437 — CVSS 5.3 (medium): When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This…
CVE-2026-6231 — CVSS 4.3 (medium): The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping…
CVE-2021-32050 — CVSS 4.2 (medium): Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an…
CVE-2026-4359 — CVSS 2.0 (low): A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications…