Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-03-17T19:42:03 mongo-c-driver: mongo-c-driver: Denial of Service via malformed HTTP response 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-170

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.

A flaw was found in mongo-c-driver. A compromised third-party cloud server or a man-in-the-middle (MITM) attacker could send a malformed HTTP response. This could cause applications using the MongoDB C driver to crash, leading to a Denial of Service.

This LOW impact vulnerability in the MongoDB C driver allows denial of service via malformed HTTP responses. Exploitation requires high complexity—either a compromised cloud server or active MITM position. Impact is limited to availability. Applications are only vulnerable when connecting to untrusted MongoDB instances or over untrusted networks. https://www.cve.org/CVERecord?id=CVE-2026-4359 https://nvd.nist.gov/vuln/detail/CVE-2026-4359 https://jira.mongodb.org/browse/CDRIVER-6251