CVE-2026-9100
MEDIUM
6.0
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
5.9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: high
Description
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or silently leak process memory contents (via an out-of-bounds read).
CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input
Incomplete
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
All platforms may be affected
https://jira.mongodb.org/browse/CDRIVER-6281