4 matches found
MongoDB 8.2.x < 8.2.10 / 8.3.x < 8.3.3 Multiple Vulnerabilities
The version of MongoDB installed on the remote host is 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - When OIDC authentication is enabled in configuration, clients may set specific values in the 'mechanism' parameter of the 'authenticate'...
Calling createIndex with certain index types can crash mongod
Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...
EUVD-2026-29891
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...
CVE-2025-13644
MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server...