MongoDB PHP Driver Stack Exhaustion from Deeply Nested BSON: CVE-2026-6811 May 2026

PHP Stack Exhaustion
Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

Vulnerability Analysis

CVE-2026-6811 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

What is a Stack Exhaustion Vulnerability?

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

CVE-2026-6811 has been classified to as a Stack Exhaustion vulnerability or weakness.

MongoDB PHP Driver Stack Exhaustion from Deeply Nested BSON
CVE-2026-6811 Published on May 14, 2026

Vulnerability Analysis

Weakness Type

What is a Stack Exhaustion Vulnerability?

Affected Versions

MongoDB PHP Driver Stack Exhaustion from Deeply Nested BSONCVE-2026-6811 Published on May 14, 2026

Vulnerability Analysis

Weakness Type

What is a Stack Exhaustion Vulnerability?

Affected Versions

MongoDB PHP Driver Stack Exhaustion from Deeply Nested BSON
CVE-2026-6811 Published on May 14, 2026