CVE-2026-9100
Awaiting Analysis Awaiting Analysis - Queue

MongoDB C Driver Legacy GridFS Memory Leak and Crash

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: MongoDB, Inc.

Description
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or silently leak process memory contents (via an out-of-bounds read).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-30
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-28
NVD
CVE-2026-9100
EUVD
EUVD-2026-31132

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mongodb mongodb_c_driver *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1285 The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability exists in the MongoDB C Driver's legacy GridFS API, which accepts malformed file metadata from the database without proper validation.

If an attacker crafts malicious documents in a GridFS collection, any application that reads those files using the legacy API may either crash due to a division-by-zero error or silently leak process memory contents because of an out-of-bounds read.

Impact Analysis

This vulnerability can impact you by causing your application to crash unexpectedly or by leaking sensitive process memory contents without your knowledge.

Such crashes can lead to denial of service, while memory leaks can expose sensitive information, potentially compromising the security of your system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9100. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart