CVE-2026-5170

🗓️ 30 Mar 2026 15:28:57Reported by mongodbType

Limited-privilege user can crash mongod during replica set to sharded cluster promotion, causing primary denial of service.

Reporter	Title	Published	Views	Family All 18
FreeBSD	MongoDB Server -- CWE-617: Reachable Assertion	30 Mar 202600:00	–	freebsd
ATTACKERKB	CVE-2026-5170	30 Mar 202615:28	–	attackerkb
CNNVD	MongoDB Server 安全漏洞	30 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded	30 Mar 202615:28	–	cvelist
EUVD	EUVD-2026-17115	30 Mar 202618:31	–	euvd
Tenable Nessus	FreeBSD : MongoDB Server -- CWE-617: Reachable Assertion (a117f43b-2f7b-11f1-89f4-b42e991fc52e)	5 Apr 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-5170	31 Mar 202600:00	–	nessus
MongoDB	Users could trigger a crash of mongod primaries during promotion to sharded	30 Mar 202615:28	–	mongodb
NVD	CVE-2026-5170	30 Mar 202616:16	–	nvd
OSV	BIT-MONGODB-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded	6 Apr 202607:54	–	osv

NVD

Node

mongodb mongodbRange7.0.0–7.0.31-

mongodb mongodbRange8.0.0–8.0.18-

mongodb mongodbRange8.2.0–8.2.2-

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB",
    "versions": [
      {
        "lessThan": "8.2.2",
        "status": "affected",
        "version": "8.2",
        "versionType": "custom"
      },
      {
        "lessThan": "8.0.18",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0.31",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-101758

17 Jun 2026 10:58Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.15.3

CVSS 46

EPSS0.00203

SSVC

CWE-617