| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5170 | Users could trigger a crash of mongod primaries during promotion to sharded | MongoDB | MongoDB Server | Medium | 5.3 | 2026-03-30 15:28:58 | Deep Dive |
| CVE-2026-4358 | Memory safety issues in slot-based execution hash table spill | MongoDB Inc | MongoDB Server | Medium | 6.4 | 2026-03-17 19:00:08 | Deep Dive |
| CVE-2026-4148 | ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators | MongoDB Inc | MongoDB Server | High | 8.8 | 2026-03-17 15:53:58 | Deep Dive |
| CVE-2026-4147 | Stack memory disclosure in filemd5 command | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-03-17 15:50:22 | Deep Dive |
| CVE-2026-25613 | An unsafe cast in the MongoDB query planner can result in a segmentation fault. | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:54:50 | Deep Dive |
| CVE-2026-1849 | Mongod can run out of stack memory when expressions create deeply nested documents | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:52:53 | Deep Dive |
| CVE-2026-1850 | An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:49:32 | Deep Dive |
| CVE-2026-25609 | profile command may permit unauthorized configuration | MongoDB Inc | MongoDB Server | Medium | 5.4 | 2026-02-10 18:39:11 | Deep Dive |
| CVE-2026-25610 | Invalid $geoNear index hint may cause server crash | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:30:41 | Deep Dive |
| CVE-2026-1848 | Connections received from the proxy port may not count towards total accepted connections | MongoDB Inc | MongoDB Server | High | 7.5 | 2026-02-10 18:22:42 | Deep Dive |
| CVE-2026-1847 | MongoDB Server may crash when inserting large documents | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:16:25 | Deep Dive |
| CVE-2026-25612 | Internal ResourceId collision may affect unrelated collections | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:05:24 | Deep Dive |
| CVE-2026-25611 | Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server | MongoDB Inc | MongoDB Server | High | 7.5 | 2026-02-10 17:52:47 | Deep Dive |
| CVE-2025-14847 | Zlib compressed protocol header length confusion may allow memory read | MongoDB Inc. | MongoDB Server | High | 7.5 | 2025-12-19 11:00:22 | Deep Dive |
| CVE-2025-14345 | Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server | MongoDB Inc. | MongoDB Server | Medium | 4.2 | 2025-12-09 15:00:39 | Deep Dive |
| CVE-2025-13644 | MongoDB may be susceptible to Invariant Failure due to batched delete | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2025-11-25 05:23:12 | Deep Dive |
| CVE-2025-13643 | MongoDB Server may allow queries to be terminated by unauthorized users | MongoDB Inc. | MongoDB Server | Low | 3.1 | 2025-11-25 05:16:24 | Deep Dive |
| CVE-2025-12893 | Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server | MongoDB Inc. | MongoDB Server | Medium | 4.2 | 2025-11-25 05:07:18 | Deep Dive |
| CVE-2025-13507 | Time-series operations may cause internal BSON size limit to be exceed | MongoDB Inc. | MongoDB Server | Medium | 6.5 | 2025-11-25 04:52:48 | Deep Dive |
| CVE-2025-12657 | Malformed KMIP response may result in access violation | MongoDB Inc. | MongoDB Server | Medium | 5.0 | 2025-11-03 21:03:25 | Deep Dive |