The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "1.0"
},
{
"fixed": "1.30.5"
},
{
"introduced": "2.0"
},
{
"fixed": "2.0.2"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6231.json",
"cna_assigner": "mongodb",
"cwe_ids": [
"CWE-20"
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:mongodb:c_driver:*:*:*:*:*:mongodb:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.30.5"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.2"
}
]
}