20 matches found

UbuntuCve
added 2026/03/17 8:16 p.m. · 2 views

CVE-2026-4358

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk...

CVSS 7.5 · AI score 6.1 · EPSS 0.00041
Exploits: 1 · References: 2

Positive Technologies
added 2026/03/17 12:0 a.m. · 6 views

PT-2026-25907

Name of the Vulnerable Software and Affected Versions: MongoDB Server (affected versions not specified). Description: A use-after-free issue can occur in sharded clusters when a user with read access submits a specifically designed aggregation pipeline using either the $lookup or $graphLookup operator...

CVSS 8.8 · AI score 5.8 · EPSS 0.0007
Exploits: 0 · References: 14

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-18906

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.01526
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 10 views

EUVD-2025-20265

Malicious code in bioql PyPI...

CVSS 7.7 · AI score 6.3 · EPSS 0.0043
Exploits: 0 · References: 1

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-32040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of th...

CVSS 7.5 · AI score 7.4 · EPSS 0.01526
Exploits: 0 · References: 2

Tenable Nessus
added 2025/07/29 12:0 a.m. · 11 views

MongoDB 6.0.x < 6.0.22 / 7.0.x < 7.0.20 / 8.0.x < 8.0.7 Privilege Escalation (SERVER-106752)

The version of MongoDB installed on the remote host is 6.0 prior to 6.0.22, 7.0 prior to 7.0.20 and 8.0 prior to 8.0.7. It is, therefore, affected by a vulnerability as referenced in the SERVER-106752 advisory. - An unauthorized user may leverage a specially crafted aggregation pipeline to access...

CVSS 7.7 · AI score 5.9 · EPSS 0.0043
Exploits: 0 · References: 2

CNVD
added 2025/07/08 12:0 a.m. · 5 views

MongoDB Server Authorization Issues Vulnerability (CNVD-2025-15515)

MongoDB Server is an open source NoSQL database from the US company MongoDB. The database provides collection-oriented storage, dynamic queries, data replication, automatic failover and other functions. A security vulnerability exists in MongoDB Server versions prior to 8.0.7,...

CVSS 7.7 · AI score 7 · EPSS 0.0043
Exploits: 0 · References: 1

OSV
added 2025/07/07 3:15 p.m. · 0 views

CVE-2025-6713

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...

CVSS 6.5 · AI score 6.8
Exploits: 0 · References: 1

OSV
added 2025/07/07 3:15 p.m. · 1 views

UBUNTU-CVE-2025-6713

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...

CVSS 7.7 · AI score 5.8 · EPSS 0.0043
Exploits: 0 · References: 3

CVE
added 2025/07/07 2:46 p.m. · 29 views

CVE-2025-6713

CVE-2025-6713 affects MongoDB Server: versions before 8.0.7 (8.0.x), 7.0 before 7.0.19, and 6.0 before 6.0.22 are vulnerable due to improper handling of the $mergeCursors stage in aggregation pipelines. An unauthorized user can potentially access data without proper authorization through crafted ...

CVSS 7.7 · AI score 6.1 · EPSS 0.0043
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/07/07 2:46 p.m. · 7 views

CVE-2025-6713 MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...

CVSS 7.7 · EPSS 0.0043
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/07 12:0 a.m. · 1 views

PT-2025-28179

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.0.7; MongoDB Server versions prior to 7.0.20; MongoDB Server versions prior to 6.0.22. Description: An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper...

CVSS 8.8 · AI score 7.9 · EPSS 0.0043
Exploits: 0 · References: 30

FreeBSD
added 2025/07/07 12:0 a.m. · 5 views

MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage

[email protected] reports: An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation...

CVSS 7.7 · AI score 6.4 · EPSS 0.0043
Exploits: 0 · References: 1

CNNVD
added 2025/07/07 12:0 a.m. · 3 views

MongoDB Server Security Vulnerability

MongoDB Server is an open source NoSQL database from the US company MongoDB. The database provides collection-oriented storage, dynamic queries, data replication, automatic failover and other functions. A security vulnerability exists in MongoDB Server versions prior to 8.0.7,...

CVSS 7.7 · AI score 6.6 · EPSS 0.0043
Exploits: 0 · References: 2

OSV
added 2025/06/26 2:15 p.m. · 1 views

CVE-2025-6706

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...

CVSS 8.8 · AI score 6.8
Exploits: 0 · References: 1

OSV
added 2025/06/26 2:15 p.m. · 0 views

UBUNTU-CVE-2025-6706

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...

CVSS 8.8 · AI score 5.8 · EPSS 0.00229
Exploits: 0 · References: 3

OSV
added 2022/04/12 3:15 p.m. · 0 views

UBUNTU-CVE-2021-32040

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS...

CVSS 7.5 · AI score 7 · EPSS 0.01526
Exploits: 0 · References: 5

CVE
added 2022/04/12 2:15 p.m. · 166 views

CVE-2021-32040

CVE-2021-32040 affects MongoDB Server, where an extremely long aggregation pipeline combined with a specific stage/operator can cause a stack overflow and crash the server (a DoS condition). Affected releases include MongoDB Server v4.4 up to 4.4.28, v5.0 up to 5.0.4, and v4.2 up to 4.2.16. The r...

CVSS 7.5 · AI score 6.8 · EPSS 0.01526
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2022/04/12 2:15 p.m. · 17 views

CVE-2021-32040 Large aggregation pipelines with a specific stage can crash mongod under default configuration

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS...

CVSS 6.5 · AI score 7.7 · EPSS 0.01526
Exploits: 0 · References: 4

Positive Technologies
added 2022/04/12 12:0 a.m. · 1 views

PT-2022-10064 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.2.16; MongoDB Server versions 4.4 prior to and including 4.4.28; MongoDB Server versions 5.0 prior to 5.0.4. Description: It may be possible to have an extremely long aggregation pipeline in conjunction with a...

CVSS 7.5 · AI score 8.4 · EPSS 0.01526
Exploits: 0 · References: 17