PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-6691 MongoDB Inc. CVE debrief

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. Affected users should review and update their installations to prevent potential heap buffer overflow attacks. The issue is related to the MongoDB C Driver and its interaction with Cyrus SASL.

Vendor
MongoDB Inc.
Product
MongoDB C Driver
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-06
Original CVE updated
2026-06-18
Advisory published
2026-05-06
Advisory updated
2026-06-18

Who should care

Users of MongoDB C Driver, especially those using authMechanism=GSSAPI, should review and update their installations to prevent potential heap buffer overflow attacks. This includes administrators and developers responsible for MongoDB C Driver deployments, as well as security teams and vulnerability management teams. The vulnerability's impact on affected systems and potential operational disruptions should be assessed.

Technical summary

The MongoDB C Driver's Cyrus SASL integration is vulnerable to a heap buffer overflow due to unsafe string copying during username canonicalization. This issue can be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. Users of MongoDB C Driver, especially those using authMechanism=GSSAPI, should review and update their installations to prevent potential heap buffer overflow attacks. The issue requires updates to the MongoDB C Driver to address the vulnerability.

Defensive priority

High priority should be given to updating MongoDB C Driver installations, especially those using authMechanism=GSSAPI, to prevent potential heap buffer overflow attacks. This should be done in conjunction with reviewing and validating user input for MongoDB URIs and implementing additional security measures.

Recommended defensive actions

  • Update MongoDB C Driver to version 2.1.2 or later
  • Review and validate user input for MongoDB URIs with authMechanism=GSSAPI
  • Implement additional security measures to monitor and restrict network traffic
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-05-06T16:16:11.483Z and was last modified on 2026-06-18T17:18:13.887Z. The NVD entry is currently Analyzed. Evidence from the CVE record and NVD entry indicates a heap buffer overflow vulnerability in the MongoDB C Driver's Cyrus SASL integration. The vulnerability is triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI. The issue has a CVSS score of 8.6 and is classified as HIGH severity. Users should review and update their installations to prevent potential heap buffer overflow attacks.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-06T16:16:11.483Z and has not been modified since then. The NVD entry is currently Analyzed.