12 matches found
PT-2026-48293
Name of the Vulnerable Software and Affected Versions: MongoDB Server (affected versions not specified). Description: An issue exists where the use of fromRouter:true and runtimeConstants.userRoles can cause aggregations to crash the MongoDB server. Recommendations: At the moment, there is no informati...
CVE-2026-25611
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...
CVE-2026-25611
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...
MongoDB Server -- CWE-617 Reachable Assertion
https://jira.mongodb.org/browse/SERVER-99119 reports: An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints...
BIT-MONGODB-2025-10061 Malformed $group Query May Cause MongoDB Server to Crash
An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...
CVE-2025-10061 Malformed $group Query May Cause MongoDB Server to Crash
An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...
mongodb -- Malformed $group Query May Cause MongoDB Server to Crash
[email protected] reports: An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This...
CVE-2025-6706
An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...
CVE-2025-6706
CVE-2025-6706 affects MongoDB Server when the SBE engine is enabled. An authenticated user can trigger a use-after-free via a specific aggregation pipeline pattern, potentially crashing the server and causing other unexpected behavior without needing shutdown privileges. Affected versions are Mon...
CVE-2025-6706 Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server
An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...
CVE-2025-3084 MongoDB Server may crash due to improper validation of explain command
When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Serve...
CVE-2025-3084
CVE-2025-3084 affects MongoDB Server: 5.0 before 5.0.31, 6.0 before 6.0.20, 7.0 before 7.0.16, and 8.0 before 8.0.4. The root cause is improper validation of parameters for the explain command, which may be used to crash router servers. Impact is denial of service / crash (availability impact). R...