CVE-2026-2302

🗓️ 10 Feb 2026 18:59:23Reported by mongodbType

Unsafe reflection in Mongoid Criteria.from_hash may execute arbitrary Ruby code from Hash.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2026-2302	10 Feb 202618:59	–	attackerkb
CNNVD	MongoDB Ruby Driver 安全漏洞	10 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash	10 Feb 202618:59	–	cvelist
Debian CVE	CVE-2026-2302	10 Feb 202618:59	–	debiancve
MongoDB	Unsafe Reflection in Mongoid::Criteria.from_hash	10 Feb 202618:59	–	mongodb
NVD	CVE-2026-2302	10 Feb 202619:16	–	nvd
OSV	UBUNTU-CVE-2026-2302	10 Feb 202619:16	–	osv
Positive Technologies	PT-2026-7435	10 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-2302	10 Feb 202621:37	–	redhatcve
Snyk	Arbitrary Code Execution	10 Feb 202619:54	–	snyk

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Ruby Driver",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThanOrEqual": "7.6.1",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.0.12",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.12",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.10",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/MONGOID-5919

17 Jun 2026 10:30Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.16.5

CVSS 46.9

EPSS0.00196

SSVC

CWE-183