MongoDB Server Denial-of-Service Vulnerability via Malformed BSON MD5 Checksum Calculation

Vulnerability

A denial-of-service vulnerability has been identified in MongoDB Server. Under specific conditions, computing the MD5 checksum of a malformed BSON object can lead to a loss of availability. This issue affects all versions of MongoDB Server 8.2, all versions of MongoDB Server 8.1, MongoDB Server 8.0 prior to 8.0.21, and MongoDB Server 7.0 prior to 7.0.32.

Impact

Exploitation of this vulnerability causes a major loss of function, leading to a denial-of-service condition on the MongoDB server.

Remediation

Users can upgrade to MongoDB Server versions 8.3.0-rc0, 8.2.7, 8.0.21, or 7.0.32 to address this vulnerability.

Added: Apr 29, 2026, 5:22 PM
Updated: Apr 29, 2026, 5:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 6.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.