| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6231 | bson_validate may skip validation when processing certain inputs | MongoDB Inc. | C Driver | Medium | 4.3 | 2026-04-13 15:31:56 | Deep Dive |
| CVE-2026-5170 | Users could trigger a crash of mongod primaries during promotion to sharded | MongoDB | MongoDB Server | Medium | 5.3 | 2026-03-30 15:28:58 | Deep Dive |
| CVE-2026-4359 | Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer | MongoDB Inc | MongoDB C Driver | Low | 2.0 | 2026-03-17 19:42:03 | Deep Dive |
| CVE-2026-4358 | Memory safety issues in slot-based execution hash table spill | MongoDB Inc | MongoDB Server | Medium | 6.4 | 2026-03-17 19:00:08 | Deep Dive |
| CVE-2026-4148 | ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators | MongoDB Inc | MongoDB Server | High | 8.8 | 2026-03-17 15:53:58 | Deep Dive |
| CVE-2026-4147 | Stack memory disclosure in filemd5 command | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-03-17 15:50:22 | Deep Dive |
| CVE-2026-29793 | NoSQL Injection via WebSocket id Parameter in MongoDB Adapter | @feathersjs | mongodb | - | - | 2026-03-10 20:08:52 | Deep Dive |
| CVE-2026-2303 | Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak | MongoDB Inc | MongoDB Go Driver | Medium | 6.5 | 2026-02-10 19:03:07 | Deep Dive |
| CVE-2026-2302 | Unsafe Reflection in Mongoid::Criteria.from_hash | MongoDB Inc | MongoDB Ruby Driver | Medium | 6.5 | 2026-02-10 18:59:24 | Deep Dive |
| CVE-2026-25613 | An unsafe cast in the MongoDB query planner can result in a segmentation fault. | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:54:50 | Deep Dive |
| CVE-2026-1849 | Mongod can run out of stack memory when expressions create deeply nested documents | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:52:53 | Deep Dive |
| CVE-2026-1850 | An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:49:32 | Deep Dive |
| CVE-2026-25609 | profile command may permit unauthorized configuration | MongoDB Inc | MongoDB Server | Medium | 5.4 | 2026-02-10 18:39:11 | Deep Dive |
| CVE-2026-25610 | Invalid $geoNear index hint may cause server crash | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:30:41 | Deep Dive |
| CVE-2026-1848 | Connections received from the proxy port may not count towards total accepted connections | MongoDB Inc | MongoDB Server | High | 7.5 | 2026-02-10 18:22:42 | Deep Dive |
| CVE-2026-1847 | MongoDB Server may crash when inserting large documents | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:16:25 | Deep Dive |
| CVE-2026-25612 | Internal ResourceId collision may affect unrelated collections | MongoDB Inc | MongoDB Server | Medium | 6.5 | 2026-02-10 18:05:24 | Deep Dive |
| CVE-2026-25611 | Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server | MongoDB Inc | MongoDB Server | High | 7.5 | 2026-02-10 17:52:47 | Deep Dive |
| CVE-2025-14911 | Integer Overflow in GridFS chunkSize Leading to Heap Allocation Failure | MongoDB | Mongo-c-driver | Medium | 6.5 | 2026-01-27 17:29:21 | Deep Dive |
| CVE-2025-14847 | Zlib compressed protocol header length confusion may allow memory read | MongoDB Inc. | MongoDB Server | High | 7.5 | 2025-12-19 11:00:22 | Deep Dive |