CVE-2026-4147 Stack memory disclosure in filemd5 command

🗓️ 17 Mar 2026 15:50:21Reported by mongodbType

CVE-2026-4147: Authenticated read users can disclose uninitialized stack memory via filemd5.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2026-4147	17 Mar 202615:50	–	attackerkb
Circl	CVE-2026-4147	17 Mar 202615:16	–	circl
CNNVD	MongoDB Server 安全漏洞	17 Mar 202600:00	–	cnnvd
CVE	CVE-2026-4147	17 Mar 202615:50	–	cve
EUVD	EUVD-2026-12586	17 Mar 202618:30	–	euvd
MongoDB	Stack memory disclosure in filemd5 command	17 Mar 202615:50	–	mongodb
NVD	CVE-2026-4147	17 Mar 202616:16	–	nvd
OSV	BIT-MONGODB-2026-4147 Stack memory disclosure in filemd5 command	13 May 202608:10	–	osv
OSV	MINI-42W2-RHWX-34WH	11 Apr 202620:18	–	osv
OSV	MINI-JXGP-Q27H-F973	11 Apr 202615:17	–	osv

[
  {
    "vendor": "MongoDB Inc",
    "product": "MongoDB Server",
    "versions": [
      {
        "status": "affected",
        "version": "8.2",
        "lessThan": "8.2.6",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.0",
        "lessThan": "8.0.20",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.0",
        "lessThan": "7.0.31",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-119317

17 Mar 2026 15:50Current

CVSS 3.16.5

CVSS 47.1

EPSS0.00058

CWE-457