359 matches found
MongoDB 4.4.x < 4.4.31 / 5.0.x < 5.0.34 / 6.0.x < 6.0.29 / 7.0.x < 7.0.37 / 8.0.x < 8.0.26 / 8.2.x < 8.2.11 / 8.3.x < 8.3.4 Use-After-Free (CVE-2026-11933)
The version of MongoDB installed on the remote host is 4.4.x prior to 4.4.31, 5.0.x prior to 5.0.34, 6.0.x prior to 6.0.29, 7.0.x prior to 7.0.37, 8.0.x prior to 8.0.26, 8.2.x prior to 8.2.11, or 8.3.x prior to 8.3.4. It is, therefore, affected by a use-after-free vulnerability: - A use-after-fre...
CVE-2026-11933
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
UBUNTU-CVE-2026-11933
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
EUVD-2026-36373
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
CVE-2026-11933
Technical details (affected products, versions, root cause, and remediation) are not publicly available in the provided documents. Please monitor for updates.
Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
PT-2026-48817
Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description A use-after-free memory corruption flaw exists in the server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who...
MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 Multiple Vulnerabilities
The version of MongoDB installed on the remote host is 7.0.x prior to 7.0.35, 8.0.x prior to 8.0.24, 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document...
Linux Distros Unpatched Vulnerability : CVE-2026-9740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The...
CVE-2026-9740
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...
UBUNTU-CVE-2026-9740
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...
CVE-2026-9740 Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...
CVE-2026-9740
Affected software: MongoDB Server. Vulnerability: BSON validation logic allows unauthenticated users to crash mongod via a specially crafted message. The BSON validator’s handling of certain nested binary data structures enables uncontrolled mutual recursion, where each re-entry resets internal d...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the BSON...
CVE-2026-6811
A flaw was found in the MongoDB PHP driver. This stack exhaustion vulnerability can lead to application crashes when the driver processes deeply nested BSON Binary JSON documents. This can occur in unusual circumstances when the BSON documents originate from a source other than a MongoDB server,...
CVE-2026-6914
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...
Astra Linux - уязвимость в pymongo
A out-of-bounds read in the ‘bson’ module of PyMongo 4.6.2 or earlier allows for deserialization of malformed BSON data provided by the server, which can trigger an exception that may contain arbitrary application memory...
PT-2026-41790
Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions 0.1.0 through 0.8.0 Description Malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and caus...