CVE-2026-4147

🗓️ 17 Mar 2026 15:50:21Reported by mongodbType

CVE-2026-4147: Read role users can leak uninitialized stack memory via filemd5 commands.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2026-4147	17 Mar 202615:50	–	attackerkb
Circl	CVE-2026-4147	17 Mar 202615:16	–	circl
CNNVD	MongoDB Server 安全漏洞	17 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-4147 Stack memory disclosure in filemd5 command	17 Mar 202615:50	–	cvelist
EUVD	EUVD-2026-12586	17 Mar 202618:30	–	euvd
MongoDB	Stack memory disclosure in filemd5 command	17 Mar 202615:50	–	mongodb
NVD	CVE-2026-4147	17 Mar 202616:16	–	nvd
OSV	BIT-MONGODB-2026-4147 Stack memory disclosure in filemd5 command	13 May 202608:10	–	osv
OSV	MINI-42W2-RHWX-34WH	11 Apr 202620:18	–	osv
OSV	MINI-JXGP-Q27H-F973	11 Apr 202615:17	–	osv

NVD

Node

mongodb mongodbRange7.0.0–7.0.31-

mongodb mongodbRange8.0.0–8.0.20-

mongodb mongodbRange8.2.0–8.2.6-

mongodb mongodbMatch8.3.0alpha0-

mongodb mongodbMatch8.3.0alpha1-

mongodb mongodbMatch8.3.0alpha2-

mongodb mongodbMatch8.3.0alpha3-

mongodb mongodbMatch8.3.0rc1-

[
  {
    "vendor": "MongoDB Inc",
    "product": "MongoDB Server",
    "versions": [
      {
        "status": "affected",
        "version": "8.2",
        "lessThan": "8.2.6",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.0",
        "lessThan": "8.0.20",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.0",
        "lessThan": "7.0.31",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-119317

10 Apr 2026 17:40Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.3 - 6.5

CVSS 47.1

EPSS0.00209

SSVC