12 matches found

Veracode
added 2025/03/06 7:18 a.m. | 3 views

Control Character Injection

Mongosh is vulnerable to Control Character Injection. The vulnerability is due to improper input handling due to an attacker controlling the autocompletion feature, allowing the execution of obfuscated malicious text when a user presses ‘tab’ to autocomplete input...

CVSS 7.6 | AI score 5.9 | EPSS 0.00393
Exploits: 0 | References: 3 | Affected Software: 3

Veracode
added 2025/03/05 8:33 a.m. | 6 views

Local Privilege Escalation

Mongosh is vulnerable to local privilege escalation. The vulnerability is due to improper handling of library loading paths, where mongosh searches for and executes files from C:\nodemodules\ without proper validation, allowing an attacker to place a malicious file and gain elevated privileges...

CVSS 7.8 | AI score 7.1 | EPSS 0.0004
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2025/03/05 8:18 a.m. | 7 views

Improper Neutralization

Mongosh is vulnerable to Improper Neutralization. The vulnerability is due to improper input sanitization due to an attacker being able to manipulate a user's clipboard, leading to the pasting of obfuscated malicious code that is executed in mongosh...

CVSS 8.8 | AI score 7.1 | EPSS 0.00148
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/03/01 4:22 p.m. | 10 views

CVE-2025-1756

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules\. This issue affects mongosh prior to 2.3.0...

CVSS 7.8 | AI score 6.6 | EPSS 0.0004
Exploits: 0 | References: 3

Github Security Blog
added 2025/02/27 6:31 p.m. | 10 views

mongosh vulnerable to local privilege escalation

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules. This issue affects mongosh prior to 2.3.0...

CVSS 7.8 | AI score 6.6 | EPSS 0.0004
Exploits: 0 | References: 4 | Affected Software: 1

vulnersOsv
added 2025/02/27 6:31 p.m. | 1 views

@gnar-engine/core (>=1.0.1 <=1.0.23) potentially affected by CVE-2025-1756 via mongosh (=1.10.6)

mongosh NPM version =1.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on mongosh and may be impacted: @gnar-engine/core >=1.0.1, <=1.0.23. Source CVEs: CVE-2025-1756. Source advisory: OSV:GHSA-F5W3-73H4-JPCM...

CVSS 7.8 | AI score 5.8 | EPSS 0.0004
Exploits: 0

OSV
added 2025/02/27 6:31 p.m. | 8 views

GHSA-F5W3-73H4-JPCM mongosh vulnerable to local privilege escalation

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules. This issue affects mongosh prior to 2.3.0...

CVSS 7.5 | AI score 6.6 | EPSS 0.0004
Exploits: 0 | References: 4

NVD
added 2025/02/27 4:15 p.m. | 8 views

CVE-2025-1756

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules. This issue affects mongosh prior to 2.3.0...

CVSS 7.8 | EPSS 0.0004
Exploits: 0 | References: 2

vulnersOsv
added 2025/02/27 3:31 p.m. | 4 views

@gnar-engine/core (>=1.0.1 <=1.0.23) potentially affected by CVE-2025-1693 via mongosh (=1.10.6)

mongosh NPM version =1.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on mongosh and may be impacted: @gnar-engine/core >=1.0.1, <=1.0.23. Source CVEs: CVE-2025-1693. Source advisory: OSV:GHSA-R95J-4JVF-MRRW...

CVSS 6.8 | AI score 5.8 | EPSS 0.00112
Exploits: 0

vulnersOsv
added 2025/02/27 3:31 p.m. | 2 views

@gnar-engine/core (>=1.0.1 <=1.0.23) potentially affected by CVE-2025-1691 via mongosh (=1.10.6)

mongosh NPM version =1.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on mongosh and may be impacted: @gnar-engine/core >=1.0.1, <=1.0.23. Source CVEs: CVE-2025-1691. Source advisory: OSV:GHSA-43G5-2WR2-Q7VJ...

CVSS 7.6 | AI score 5.8 | EPSS 0.00393
Exploits: 0

Positive Technologies
added 2025/02/27 12:0 a.m. | 1 views

PT-2025-8939

Name of the Vulnerable Software and Affected Versions: mongosh versions prior to 2.3.9. Description: The MongoDB Shell may be susceptible to control character injection, allowing an attacker with control over the database cluster contents to inject control characters into the shell output. This can...

CVSS 6.8 | AI score 6.5 | EPSS 0.00112
Exploits: 0 | References: 9

Positive Technologies
added 2025/02/27 12:0 a.m. | 5 views

PT-2025-8938

Name of the Vulnerable Software and Affected Versions: mongosh versions prior to 2.3.9. Description: The MongoDB Shell may be susceptible to control character injection, allowing an attacker with control of the user's clipboard to manipulate them into pasting text that evaluates arbitrary code...

CVSS 8.8 | AI score 6.7 | EPSS 0.00148
Exploits: 0 | References: 8