24 matches found
CVE-2026-9750
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...
EUVD-2026-35863
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash MongoDB server...
CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...
CVE-2026-9750
CVE-2026-9750 affects MongoDB: an authenticated user can cause a server crash or incorrect query results by crafting documents that clash with internal metadata during query execution. The root cause is insufficient separation between user-controlled document fields and internal metadata in certa...
Metadata name collision on $-prefixed fields causes post-auth server crash
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...
Crafted cross-shard merge aggregation crashes MongoDB Server
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash MongoDB server...
CVE-2026-9747
The vulnerability CVE-2026-9747 affects MongoDB Server’s cross-shard merge aggregation. When building aggregations, using fromRouter:true with runtimeConstants.userRoles may cause the server to crash. The connected documentation confirms the issue but provides no details on mitigations; exploitat...
PT-2026-48300
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...
CVE-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands
After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...
Linux Distros Unpatched Vulnerability : CVE-2026-25611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. CVE-2026-25611 Note that Nessus relies on th...
CVE-2026-25611
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...
UBUNTU-CVE-2026-25611
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...
PT-2026-7415
Name of the Vulnerable Software and Affected Versions: MongoDB versions 3.4 and later. Description: A flaw in MongoDB’s OP_COMPRESSED handling allows unauthenticated attackers to crash servers with minimal traffic. The issue arises because MongoDB allocates approximately 48MB of memory per connectio...
CVE-2025-11979
An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoD...
FreeBSD : mongodb -- Malformed $group Query May Cause MongoDB Server to Crash (a5395e02-a2ca-11f0-8402-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a5395e02-a2ca-11f0-8402-b42e991fc52e advisory. [email protected] reports: An authorized user can cause a crash in the MongoDB Server through a specially...
BIT-MONGODB-2025-7259 Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash
An authorized user can issue queries with duplicate _id fields, which leads to unexpected behavior in MongoDB Server and may result in a crash. This issue can only be triggered by authorized users and causes Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0...
Linux Distros Unpatched Vulnerability : CVE-2025-6706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have...
CVE-2025-10061
An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...
UBUNTU-CVE-2025-6706
An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...