Latest vulnerabilities for "mongodb mongodb server"

MongoDB MongoDB ServerUnbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

Risk 47

Severity

8.7

First published (updated )

CVE-2026-9740

MongoDB MongoDB ServerKeyfile contents are in MongoDB Server logs

Risk 37

Severity

6.8

First published (updated )

CVE-2026-9735

MongoDB MongoDB ServerStack memory disclosure in filemd5 command

Risk 40

Severity

7.1

First published (updated )

CVE-2026-9754

MongoDB MongoDB ServerServer crash via malformed binary diff passed to $_internalApplyOplogUpdate.

Risk 60

Severity

7.2

First published (updated )

CVE-2026-9753

MongoDB MongoDB ServerGeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

Risk 40

Severity

7.1

First published (updated )

CVE-2026-9752

MongoDB MongoDB ServerSensitive data could be written to mongod.log

Risk 37

Severity

6.8

First published (updated )

CVE-2026-9751

MongoDB MongoDB ServerMetadata name collision on $-prefixed fields causes post-auth server crash

Risk 40

Severity

7.1

First published (updated )

CVE-2026-9750

MongoDB MongoDB Server$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

Risk 40

Severity

7.1

First published (updated )

CVE-2026-9748

MongoDB MongoDB ServerCrafted cross-shard merge aggregation crashes MongoDB Server

Risk 40

Severity

7.1

First published (updated )

CVE-2026-9747

MongoDB MongoDB ServerServer crashes in case of the use of exchange

Risk 40

Severity

7.1

First published (updated )

CVE-2026-9746

MongoDB MongoDB ServerAggregation sub-pipeline null dereference may allow DoS via crafted getMore

Risk 40

Severity

7.1

First published (updated )

CVE-2026-9743

MongoDB MongoDB ServerCalling createIndex with certain index types can crash mongod

Risk 29

Severity

7.1

EPSS

0.04%

First published (updated )

CVE-2026-8843

MongoDB MongoDBPost-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

Risk 27

Severity

5.3

EPSS

0.05%

First published (updated )

CVE-2026-8202

MongoDB MongoDBPost-authentication use-after-free error in $_internalJsEmit and mapreduce commands

Risk 51

Severity

7.7

EPSS

0.08%

First published (updated )

CVE-2026-8336

MongoDB MongoDBSchema validation log messages may not redact user data

Risk 19

Severity

4.8

EPSS

0.04%

First published (updated )

CVE-2026-8200

MongoDB MongoDBPost-auth memory exhaustion via bitwise match expressions

Risk 29

Severity

7.1

EPSS

0.05%

First published (updated )

CVE-2026-8199

MongoDB MongoDBFlatBSON Duplicate Field Index Drift

Risk 56

Severity

8.7

EPSS

0.07%

First published (updated )

CVE-2026-8053

MongoDB MongoDB ServerPost-auth null pointer dereference when aggregating against a view with empty search pipeline

Risk 29

Severity

7.1

EPSS

0.04%

First published (updated )

CVE-2026-8063

MongoDB MongoDBMD5 checksum creation may cause availability loss

Risk 31

Severity

7.1

EPSS

0.04%

First published (updated )

CVE-2026-6914

MongoDB MongoDBMemory safety issues in slot-based execution hash table spill

Risk 37

Severity

6.1

EPSS

0.08%

First published (updated )

CVE-2026-4358

MongoDB MongoDBExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators

Risk 56

Severity

8.8

EPSS

0.05%

First published (updated )

CVE-2026-4148

MongoDB MongoDBStack memory disclosure in filemd5 command

Risk 29

Severity

7.1

EPSS

0.03%

First published (updated )

CVE-2026-4147

MongoDB MongoDBMongod can run out of stack memory when expressions create deeply nested documents

Risk 43

Severity

7.5

First published (updated )

CVE-2026-1849

MongoDB MongoDBMongoDB Server may crash when inserting large documents

Risk 43

Severity

7.5

First published (updated )

CVE-2026-1847

MongoDB MongoDB ServerInternal ResourceId collision may affect unrelated collections

Risk 29

Severity

7.1

EPSS

0.04%

First published (updated )

CVE-2026-25612

MongoDB MongoDB ServerPre-Authentication Memory Exhaustion Denial of Service in MongoDB Server

Risk 33

Severity

8.7

EPSS

0.05%

First published (updated )

CVE-2026-25611

Detailed Analysis - MongoBleed (CVE-2025-14847): Memory Corruption in MongoDB

First published (updated )

Social

BleepingComputerCISA orders feds to patch MongoBleed flaw exploited in attacks

Exploited

Zeroday

First published (updated )

News

BleepingComputer

MongoDB unauth exploit released, patch immediately

First published (updated )

Social

BleepingComputerMongoDB warns admins to patch severe vulnerability immediately

Exploited

First published (updated )

News

BleepingComputer

Trending

MongoDB MongoDB ServerUnbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

MongoDB MongoDB ServerKeyfile contents are in MongoDB Server logs

MongoDB MongoDB ServerStack memory disclosure in filemd5 command

MongoDB MongoDB ServerServer crash via malformed binary diff passed to $_internalApplyOplogUpdate.

MongoDB MongoDB ServerGeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

Don't miss critical vulnerabilities

MongoDB MongoDB ServerSensitive data could be written to mongod.log

MongoDB MongoDB ServerMetadata name collision on $-prefixed fields causes post-auth server crash

MongoDB MongoDB Server$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

MongoDB MongoDB ServerCrafted cross-shard merge aggregation crashes MongoDB Server

MongoDB MongoDB ServerServer crashes in case of the use of exchange

Don't miss critical vulnerabilities

MongoDB MongoDB ServerAggregation sub-pipeline null dereference may allow DoS via crafted getMore

MongoDB MongoDB ServerCalling createIndex with certain index types can crash mongod

MongoDB MongoDBPost-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

MongoDB MongoDBPost-authentication use-after-free error in $_internalJsEmit and mapreduce commands

MongoDB MongoDBSchema validation log messages may not redact user data

Don't miss critical vulnerabilities

MongoDB MongoDBPost-auth memory exhaustion via bitwise match expressions

MongoDB MongoDBFlatBSON Duplicate Field Index Drift

MongoDB MongoDB ServerPost-auth null pointer dereference when aggregating against a view with empty search pipeline

MongoDB MongoDBMD5 checksum creation may cause availability loss

MongoDB MongoDBMemory safety issues in slot-based execution hash table spill

Don't miss critical vulnerabilities

MongoDB MongoDBExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators

MongoDB MongoDBStack memory disclosure in filemd5 command

MongoDB MongoDBMongod can run out of stack memory when expressions create deeply nested documents

MongoDB MongoDBMongoDB Server may crash when inserting large documents

MongoDB MongoDB ServerInternal ResourceId collision may affect unrelated collections

Don't miss critical vulnerabilities

MongoDB MongoDB ServerPre-Authentication Memory Exhaustion Denial of Service in MongoDB Server

Detailed Analysis - MongoBleed (CVE-2025-14847): Memory Corruption in MongoDB

BleepingComputerCISA orders feds to patch MongoBleed flaw exploited in attacks

MongoDB unauth exploit released, patch immediately

BleepingComputerMongoDB warns admins to patch severe vulnerability immediately

Don't miss critical vulnerabilities

Company

Resources

Contact