Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32
{
"cwe_ids": [
"CWE-191"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6914.json",
"cna_assigner": "mongodb",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.7"
},
{
"introduced": "8.1.0"
},
{
"last_affected": "8.1.*"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.21"
},
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.32"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"cpe": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*",
"extracted_events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.32"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.21"
},
{
"introduced": "8.1.0"
},
{
"fixed": "8.2.7"
}
],
"source": "CPE_RANGE"
}[
{
"source": "https://github.com/mongodb/mongo/commit/08e0c4612b855c4e73385c2ec838588f82d8a19b",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "164686043380698660719722351152006285402",
"length": 2908.0
},
"deprecated": false,
"id": "CVE-2026-6914-3ef5e661",
"target": {
"function": "mongod_main",
"file": "src/mongo/db/mongod_main.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/08e0c4612b855c4e73385c2ec838588f82d8a19b",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"179215270457449443453579291868469199727",
"33556446067133974934969847839402282197",
"29350364556964231604783587715398600263",
"57726341186909301783117793920654563686",
"136845089925583489291724266187596164684",
"305634184878952065582817930778120911044",
"172837088109626467133187672572056083021"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-6914-4f010fbc",
"target": {
"file": "src/mongo/db/mongod_main.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/08e0c4612b855c4e73385c2ec838588f82d8a19b",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"113943198681305830374459943796736910273",
"284155681462991298677336326783867736476",
"322305722881740005680917803045236736977",
"91774852827086589335342822882248207662",
"229647983256621488789011376734284527782",
"281813804611164678198537084954231215930",
"244936745804740692166401377847527106794"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-6914-74d68245",
"target": {
"file": "src/mongo/s/mongos_main.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/08e0c4612b855c4e73385c2ec838588f82d8a19b",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "79148053720149972531027689719546447436",
"length": 2005.0
},
"deprecated": false,
"id": "CVE-2026-6914-8f2fa9a0",
"target": {
"function": "mongos_main",
"file": "src/mongo/s/mongos_main.cpp"
}
}
]
"2026-07-16T00:24:42Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6914.json"