CVE-2025-14911

High CVSS: 7.1

User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container.

Vendor

Product

CWE

Yayın Tarihi

2026-01-27 18:15:52

Güncelleme

2026-02-26 22:20:42

Source Identifier

cna@mongodb.com

KEV Date Added

CWE-120 HIGH 2026

https://jira.mongodb.org/browse/CDRIVER-6125