
37 matches found

Tenable Nessus
added 2026/06/12 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-9749

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving...

CVSS 7.1 | AI score 5.7 | EPSS 0.0027
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/12 12:0 a.m. | 8 views

MongoDB 8.0.x < 8.0.24 DoS

The version of MongoDB installed on the remote host is 8.0.x prior to 8.0.24. It is, therefore, affected by a denial of service vulnerability: - In Vulnerable MongoDB Server versions, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is...

CVSS 7.1 | AI score 5.3 | EPSS 0.00307
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/11 2:59 a.m. | 8 views

CVE-2026-9749

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer, that is, many results are routed to the same consumer,...

CVSS 7.1 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1
EUVD
added 2026/06/10 12:31 a.m. | 8 views

EUVD-2026-35865

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer, that is, many results are routed to the same consumer,...

CVSS 7.1 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 2
NVD
added 2026/06/09 11:17 p.m. | 11 views

CVE-2026-9749

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer, that is, many results are routed to the same consumer,...

CVSS 7.1 | EPSS 0.0027
Exploits: 0 | References: 1
NVD
added 2026/06/09 11:17 p.m. | 9 views

CVE-2026-9743

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

CVSS 7.1 | EPSS 0.00307
Exploits: 0 | References: 1
OSV
added 2026/06/09 11:17 p.m. | 6 views

UBUNTU-CVE-2026-9749

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer, that is, many results are routed to the same consumer,...

CVSS 7.1 | AI score 5.6 | EPSS 0.0027
Exploits: 0 | References: 3
Vulnrichment
added 2026/06/09 10:30 p.m. | 8 views

CVE-2026-9753 Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...

CVSS 8.1 | AI score 5.6 | EPSS 0.00298
Exploits: 0 | References: 1
CVE
added 2026/06/09 10:30 p.m. | 79 views

CVE-2026-9753

The vulnerability CVE-2026-9753 affects MongoDB’s aggregation pipeline via the internal stage $_internalApplyOplogUpdate. The issue allows an attacker with authenticated access to the aggregate command to pass a document diff containing a malformed binary diff, which can cause memory out-of-bound...

CVSS 8.1 | AI score 5.6 | EPSS 0.00298
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/06/09 10:10 p.m. | 9 views

CVE-2026-9749 Using MaxKey() may crash the server

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer, that is, many results are routed to the same consumer,...

CVSS 7.1 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1
CVE
added 2026/06/09 10:10 p.m. | 32 views

CVE-2026-9749

The CVE-2026-9749 entry describes a bug in MongoDB where an aggregation pipeline using the internal $exchange stage with key-range partitioning and order-preserving delivery can cause a server crash. When a single key range produces many results that fill its exchange buffer, the code path detect...

CVSS 7.1 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1 | Affected Software: 1
MongoDB
added 2026/06/09 10:10 p.m. | 8 views

Using MaxKey() may crash the server

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer, that is, many results are routed to the same consumer,...

CVSS 7.1 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/09 10:10 p.m. | 37 views

CVE-2026-9749 Using MaxKey() may crash the server

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer, that is, many results are routed to the same consumer,...

CVSS 7.1 | EPSS 0.0027
Exploits: 0 | References: 1
Cvelist
added 2026/06/09 9:59 p.m. | 37 views

CVE-2026-9743 Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

CVSS 7.1 | EPSS 0.00307
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/09 9:59 p.m. | 8 views

CVE-2026-9743 Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

CVSS 7.1 | AI score 5.5 | EPSS 0.00307
Exploits: 0 | References: 1
CVE
added 2026/06/09 9:59 p.m. | 21 views

CVE-2026-9743

MongoDB Server 8.0 is affected by a vulnerability where an aggregation stage can leave its _subPipeline field null during processing. If a getMore is issued on the same cursor, the server may dereference the null sub-pipeline when reattaching to the operation context, leading to an invalid addres...

CVSS 7.1 | AI score 5.5 | EPSS 0.00307
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/06/09 12:0 a.m. | 10 views

PT-2026-48295

Name of the Vulnerable Software and Affected Versions: MongoDB (affected versions not specified). Description: A buffer overflow can occur during the execution of an aggregation pipeline using the internal $exchange stage. This happens when the stage is configured with key-range partitioning and...

CVSS 7.1 | AI score 5.9 | EPSS 0.0027
Exploits: 0 | References: 8
UbuntuCve
added 2026/03/17 8:16 p.m. | 4 views

CVE-2026-4358

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk...

CVSS 7.5 | AI score 6.1 | EPSS 0.00342
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/17 12:0 a.m. | 11 views

PT-2026-25907

Name of the Vulnerable Software and Affected Versions: MongoDB Server (affected versions not specified). Description: A use-after-free issue can occur in sharded clusters when a user with read access submits a specifically designed aggregation pipeline using either the $lookup or $graphLookup operator...

CVSS 8.8 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 14
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-18906

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01862
Exploits: 0 | References: 5