2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +207 more potentially affected by CVE-2026-32621 via @apollo/query-planner (>=0.0.11 <=2.9.5)

@apollo/query-planner NPM version =0.0.11, =1.0.0, =0.24.2, =1.0.0, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2026-32621 Source advisory: OSV:GHSA-PFJJ-6F4P-RVMH...

Prototype Pollution

Overview @apollo/query-planner is an Apollo Query Planner Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting operations with field...

@apollo/gateway (>=2.0.0 <=2.14.0), @dfanchon/gateway (=2.11.0) +68 more potentially affected by CVE-2026-32621 via @apollo/query-planner (>=2.10.0-alpha.0 <=2.9.5)

@apollo/query-planner NPM version =2.10.0-alpha.0, =2.0.0, =0.0.2-beta.4, =1.0.52, =1.7.3, =3.0.5, =3.0.4, =0.2.0, =0.11.46, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =8.6.7, =11.5.0 and more Source cves: CVE-2026-32621 Source advisory: SNYK:JS-APOLLOQUERYPLANNER-15612460...

ROS-20260311-73-0008

A vulnerability in the MongoDB Query Planner component of the MongoDB kernel is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial-of-service condition...

BIT-MONGODB-2026-25613 An unsafe cast in the MongoDB query planner can result in a segmentation fault.

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index...

BIT-MONGODB-2026-1850 An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

MongoDB 8.0.x < 8.0.18 / 8.2.x < 8.2.4 Out-Of-Memory (SERVER-114126)

The version of MongoDB installed on the remote host is 8.0 prior to 8.0.18 and 8.2 prior to 8.2.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-114126 advisory. - Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory...

CVE-2026-1850

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

CVE-2026-1850

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

CVE-2026-1850

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

CVE-2026-1850

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

UBUNTU-CVE-2026-1850

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

CVE-2026-25613 An unsafe cast in the MongoDB query planner can result in a segmentation fault.

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index...

CVE-2026-25613 An unsafe cast in the MongoDB query planner can result in a segmentation fault.

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index...

CVE-2026-25613

CVE-2026-25613 : MongoDB server vulnerability where an authorized user can disable the server by issuing a query against a collection that contains an invalid compound wildcard index. Root cause described in connected documents is related to incorrect data handling of compound wildcard indexes, e...

An unsafe cast in the MongoDB query planner can result in a segmentation fault.

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index...

CVE-2026-1850

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

CVE-2026-1850 An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

CVE-2026-1850 An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

CVE-2026-1850

CVE-2026-1850: Complex queries can cause excessive memory usage in the MongoDB Query Planner, leading to an Out-Of-Memory crash. Affected component: MongoDB Query Planner. Root cause: excessive memory consumption from complex queries. Impact: availability high (per CVSS 4.0), with no confidential...