CVE-2026-4359— Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4359
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer
Source: NVD (National Vulnerability Database)
Vulnerability Description
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
空字节或NULL字符转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
MongoDB C Driver 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MongoDB C Driver是MongoDB开源的一个用于在C语言程序中连接和操作MongoDB数据库的客户端驱动库。 MongoDB C Driver存在安全漏洞,该漏洞源于使用该驱动的应用程序可能因接收到畸形HTTP响应而崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| MongoDB Inc | MongoDB C Driver | 0 ~ 2.2.3 | - |
II. Public POCs for CVE-2026-4359
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4359
请登录查看更多情报信息。
Same Patch Batch · MongoDB Inc · 2026-03-17 · 4 CVEs total
| CVE-2026-4148 | 8.8 HIGH | ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation op |
| CVE-2026-4147 | 6.5 MEDIUM | Stack memory disclosure in filemd5 command |
| CVE-2026-4358 | 6.4 MEDIUM | Memory safety issues in slot-based execution hash table spill |
IV. Related Vulnerabilities
Same vendor: MongoDB Inc
- CVE-2026-4358
Memory safety issues in slot-based execution hash table spil - CVE-2026-4148
ExpressionContext use-after-free in classic engine $lookup a - CVE-2026-4147
Stack memory disclosure in filemd5 command - CVE-2026-2303
Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enabl - CVE-2026-2302
Unsafe Reflection in Mongoid::Criteria.from_hash
V. Comments for CVE-2026-4359
No comments yet