CVE-2026-4359
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
CVE-2025-12119
A mongoc_bulk_operation_t may read invalid memory if large options are passed.