CVE•Published 2026-05-20•Modified 2026-05-20•0 articles on news•6 live references•NVD data
CVE-2026-9100
Vulnerability data via NVD (ingested)
CVSS v3.1
5.9
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
EPSS percentile
—
Description
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or silently leak process memory contents (via an out-of-bounds read).
Timeline
Published 2026-05-20
Modified 2026-05-20
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
More intel sources (5)
Shodan report
vuln:CVE-2026-9100Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-9100Censys host search filtered to this CVE id.
grep.app
CVE-2026-9100Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-9100GitHub code search for direct mentions.
Google dork
"CVE-2026-9100" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2026-91008 repos
abyo-software/s4Rust
GPU-accelerated transparent compression S3-compatible storage gateway. Drop-in replacement for AWS S3 endpoints; cuts your S3 bill 50-80% with no app changes (Rust, nvCOMP, zstd).
onewinner/Lightxunknown
Lightx 是一款轻量级、高效率的网络安全扫描工具,专为安全研究人员和渗透测试工程师设计。它集成了端口扫描、服务识别、Web指纹识别、漏洞扫描和弱口令检测等功能,提供全面的安全评估能力。并覆盖多数两高一弱场景。
josephrw12/cortex-c2C
Cortex C2 is a Open source Linux C2 inspired by the void link C2 framework
zast-ai/vulnerability-reportsPython
romanklis/openclaw-containedPython
TaskForge runs AI agents in sandboxed Docker containers with capability-based security. Agents start with minimal permissions and must request new capabilities (packages, network a…
NorskHelsenett/copy-fail-destroyerGo
domo-monster/HomeSecurityAssistantJavaScript
Home Security Assistant — Network security monitoring for Home Assistant — NetFlow/IPFIX analysis, active host scanning, vulnerability detection, and threat intelligence enrichment…
jwiegley/nixos-configNix
NixOS configuration for a home data and automation server
We haven't classified any articles referencing CVE-2026-9100 yet. The external references above still apply.