8 matches found
CVE-2026-9753
The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...
CVE-2026-9743
In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...
CVE-2026-9753
The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...
Client side encryption fails to encrypt values in a $vectorSearch
A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...
PT-2026-48291
Name of the Vulnerable Software and Affected Versions MongoDB Server version 8.0 Description An aggregation stage can leave its subPipeline field null during the processing of specific pipelines. If a getMore command is subsequently issued on the same cursor, the server may dereference this null...
FreeBSD : mongodb -- MongoDB Server access to non-initialized memory (a9dc3c61-a20f-11f0-91d8-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a9dc3c61-a20f-11f0-91d8-b42e991fc52e advisory. [email protected] reports: MongoDB Server may access non-initialized region of memory leading to unexpect...
EUVD-2024-49327
Malicious code in bioql PyPI...
PT-2024-39153
Name of the Vulnerable Software and Affected Versions: MongoDB Server version 6.0.3 Description: The issue is related to MongoDB Server accessing a non-initialized region of memory, leading to unexpected behavior when zero arguments are called in an internal aggregation stage. Recommendations: Fo...