CVE-2026-9100 - CERT CVE

  1. CVE-2026-9100

ID CVE-2026-9100
Sažetak The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or silently leak process memory contents (via an out-of-bounds read).
Reference
CVSS
Base: 5.9
Impact: 4.2
Exploitability:1.6
Pristup
VektorSloženostAutentikacija
NETWORK HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
LOW NONE HIGH
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
Zadnje važnije ažuriranje 20-05-2026 - 17:32
Objavljeno 20-05-2026 - 17:16