MongoDB PHP Driver Stack Exhaustion Vulnerability Allowing Application Crashes

Vulnerability

A stack exhaustion vulnerability has been identified in the MongoDB PHP driver, specifically in versions 1.21.5 and 2.1.8. It can crash the application when the driver processes deeply nested BSON documents, particularly when these documents originate from sources other than MongoDB Server. The PHP driver itself imposes no nesting limit, which makes such stack exhaustion possible; libbson enforces a maximum nesting level of 100.

Impact

Exploitation of this vulnerability can cause application crashes due to stack exhaustion, disrupting normal operation and potentially leading to denial of service.

Remediation

Users can update to MongoDB PHP Driver versions 1.21.5 or 2.1.8, where this vulnerability has been addressed.
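
As a defence-in-depth measure for BSON that arrives from sources other than MongoDB Server, nesting depth can be checked before the bytes are decoded. The following is an added example, not code from the driver or from this advisory: `bson_max_depth` is a hypothetical helper, its default limit of 100 mirrors the figure cited above for libbson, and counting the root document as depth 0 is an assumption. It walks the raw bytes with an explicit stack instead of recursion and fails closed on regex, DBPointer and code-with-scope elements.

```php
<?php
// Added example, not driver code. Root is depth 0 (assumed convention); each embedded document or array adds 1.
function bson_max_depth(string $bson, int $limit = 100): int
{
    $len = strlen($bson);
    $bad = fn(string $why) => new InvalidArgumentException("malformed BSON: $why");
    $u32 = function (int $at) use ($bson, $len, $bad): int {
        if ($at + 4 > $len) throw $bad('truncated length field');
        return unpack('V', $bson, $at)[1];          // little-endian uint32
    };
    $fixed = [0x01 => 8, 0x06 => 0, 0x07 => 12, 0x08 => 1, 0x09 => 8, 0x0A => 0,   // value sizes of
              0x10 => 4, 0x11 => 8, 0x12 => 8, 0x13 => 16, 0x7F => 0, 0xFF => 0];  // fixed-width types
    if ($len < 5 || $u32(0) !== $len) throw $bad('length prefix mismatch');
    $ends = [$len];        // explicit stack of document end offsets, so no recursion
    $pos = 4; $max = 0;
    while ($ends) {
        $end = end($ends);
        if ($pos >= $end) throw $bad('element overruns its document');
        $type = ord($bson[$pos]);
        if ($type === 0x00) {                        // terminator must be the document's last byte
            if ($pos !== $end - 1) throw $bad('misplaced terminator');
            array_pop($ends); $pos++;
            continue;
        }
        $nul = strpos($bson, "\0", $pos + 1);        // skip the element key (cstring)
        if ($nul === false || $nul >= $end) throw $bad('unterminated key');
        $pos = $nul + 1;
        if (isset($fixed[$type])) {
            $pos += $fixed[$type];
        } elseif (in_array($type, [0x02, 0x05, 0x0D, 0x0E], true)) {
            // string, JS code, symbol: length + bytes; binary adds one subtype byte
            $pos += ($type === 0x05 ? 5 : 4) + $u32($pos);
        } elseif ($type === 0x03 || $type === 0x04) { // embedded document or array
            $size = $u32($pos);
            if ($size < 5 || $pos + $size >= $end) throw $bad('bad embedded length');
            $ends[] = $pos + $size;
            $max = max($max, count($ends) - 1);
            if ($max > $limit) throw new LengthException("BSON nesting exceeds $limit levels");
            $pos += 4;
        } else {                                     // regex, DBPointer, code-with-scope: fail closed
            throw $bad(sprintf('unsupported type 0x%02X', $type));
        }
    }
    return $max;
}

// Constructed sample: an empty document wrapped in 150 levels of {"a": ...}.
$doc = "\x05\x00\x00\x00\x00";
for ($i = 0; $i < 150; $i++) $doc = pack('V', strlen($doc) + 8) . "\x03a\0" . $doc . "\0";
try { echo bson_max_depth($doc), "\n"; } catch (LengthException $e) { echo $e->getMessage(), "\n"; }
```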

Added: May 14, 2026, 10:19 PM
Updated: May 14, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 8.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.