470 matches found
CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
Linux Distros Unpatched Vulnerability : CVE-2026-9740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The...
CVE-2026-9747
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...
CVE-2026-9740
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...
UBUNTU-CVE-2026-9747
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...
CVE-2026-9740 Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...
CVE-2026-9740
Affected software: MongoDB Server. Vulnerability: BSON validation logic allows unauthenticated users to crash mongod via a specially crafted message. The BSON validator’s handling of certain nested binary data structures enables uncontrolled mutual recursion, where each re-entry resets internal d...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from insufficie...
PT-2026-48293
Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description An issue exists where the use of fromRouter:true and runtimeConstants.userRoles can cause aggregations to crash the MongoDB server. Recommendations At the moment, there is no informati...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which arises from triggering invariant...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the abilit...
MongoDB Server 代码问题漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Version 8.0 of MongoDB Server contains a code vulnerability. This vulnerability...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the use of PauseExecution...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB Corporation in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which arises...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which can cause server...
CVE-2026-8202
Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...
CVE-2026-8199
An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...
CVE-2026-8843
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
EUVD-2026-30777
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...