ByteOS Network

MongoDB Go Driver

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-2303

Assigner-MongoDB, Inc.

View Details

Assigner-MongoDB, Inc.

CVSS Score-6.9||MEDIUM

EPSS-0.03% / 9.96%

7 Day CHG~0.00%

Published-10 Feb, 2026 | 19:03

Updated-11 Feb, 2026 | 15:16

Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak

The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guaranteed to be null-terminated or have extra padding, this results in reading one byte past the allocated heap buffer.

Vendor-MongoDB, Inc.

Product-MongoDB Go Driver

CWE ID-CWE-183

Permissive List of Allowed Inputs

CVE-2021-20329

Assigner-MongoDB, Inc.

View Details

Assigner-MongoDB, Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.19% / 41.25%

7 Day CHG~0.00%

Published-10 Jun, 2021 | 16:30

Updated-16 Sep, 2024 | 23:15

Specific cstrings input may not be properly validated in the Go Driver

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.

Vendor-MongoDB, Inc.

Product-go_driver MongoDB Go Driver

CWE ID-CWE-1287

Improper Validation of Specified Type of Input

CWE ID-CWE-20

Improper Input Validation