CVE-2026-6811

Summary

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

Affected Software

VendorProductVersion RangeStatus
MongoDB Inc.PHP Driver1.21.5affected
MongoDB Inc.PHP Driver2.1.8affected

Weaknesses

  • CWE-674: CWE-674 Uncontrolled Recursion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References