472 matches found
BIT-MONGODB-2026-6914 MD5 checksum creation may cause availability loss
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...
PT-2026-39160
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...
Linux Distros Unpatched Vulnerability : CVE-2026-8063
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the...
CVE-2026-8063
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...
CVE-2026-8063
CVE-2026-8063 affects MongoDB Server 8.2
EUVD-2026-28326
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...
FreeBSD : MongoDB Server -- Multiple vulnerabilities (67e31a04-49fa-11f1-9b23-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 67e31a04-49fa-11f1-9b23-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-119981 reports: Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2026-6914
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB...
CVE-2026-6914
CVE-2026-6914 : The vulnerability arises from computing the MD5 checksum of a malformed BSON object, potentially causing loss of availability on MongoDB Server. Affected are all MongoDB Server v8.2, all v8.1, v8.0 prior to 8.0.21, and v7.0 prior to 7.0.32. The provided documents do not specify ex...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from an...
MongoDB Server 数字错误漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a numerical error vulnerability in MongoDB Server, where the MD5 checks...
JLSEC-2026-180
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from...
PT-2026-25907
Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description A use-after-free issue can occur in sharded clusters when a user with read access submits a specifically designed aggregation pipeline using either the $lookup or $graphLookup operator...
Security Bulletin: Vulnerabilities in MongoDB Server might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Zlib which use by MongoDB server. Vulnerability include mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client as described by t...
Security Bulletin: Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server affecting MongoDB Enterprised Advanced (CVE-2024-10921)
Summary There is a vulnerability in MongoDB Server used in MongoDB Enterprised Advanced for IBM, involving improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2024-10921 DESCRIPTION: An...
FreeBSD : MongoDB Server -- Multiple vulnerabilities (77e32b14-0800-11f1-8a6f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 77e32b14-0800-11f1-8a6f-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive...
FreeBSD : MongoDB Server -- CWE-704 Incorrect Type Conversion or Cast (7f9bac32-0800-11f1-8a6f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7f9bac32-0800-11f1-8a6f-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-113685 reports: An authorized user may disable the MongoDB serve...
Linux Distros Unpatched Vulnerability : CVE-2026-1849
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive function...
CVE-2026-25611
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...