
MongoDB Server — Vulnerabilities & Security Advisories 74

All 74 CVE vulnerabilities found in MongoDB Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: MongoDB Inc.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5170 | Users could trigger a crash of mongod primaries during promotion to sharded | CWE-617 | 5.3 | Medium | 2026-03-30 |
| CVE-2026-4358 | Memory safety issues in slot-based execution hash table spill | CWE-415 | 6.4 | Medium | 2026-03-17 |
| CVE-2026-4148 | ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators | CWE-416 | 8.8 | High | 2026-03-17 |
| CVE-2026-4147 | Stack memory disclosure in filemd5 command | CWE-457 | 6.5 | Medium | 2026-03-17 |
| CVE-2026-25613 | An unsafe cast in the MongoDB query planner can result in a segmentation fault. | CWE-704 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1849 | Mongod can run out of stack memory when expressions create deeply nested documents | CWE-674 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1850 | An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification | CWE-770 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25609 | profile command may permit unauthorized configuration | CWE-862 | 5.4 | Medium | 2026-02-10 |
| CVE-2026-25610 | Invalid $geoNear index hint may cause server crash | CWE-617 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1848 | Connections received from the proxy port may not count towards total accepted connections | CWE-770 | 7.5 | High | 2026-02-10 |
| CVE-2026-1847 | MongoDB Server may crash when inserting large documents | CWE-770 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25612 | Internal ResourceId collision may affect unrelated collections | CWE-412 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25611 | Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server | CWE-405 | 7.5 | High | 2026-02-10 |
| CVE-2025-14847 | Zlib compressed protocol header length confusion may allow memory read | CWE-130 | 7.5 | High | 2025-12-19 |
| CVE-2025-14345 | Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server | CWE-667 | 4.2 | Medium | 2025-12-09 |
| CVE-2025-13644 | MongoDB may be susceptible to Invariant Failure due to batched delete | CWE-617 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-13643 | MongoDB Server may allow queries to be terminated by unauthorized users | CWE-862 | 3.1 | Low | 2025-11-25 |
| CVE-2025-12893 | Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server | CWE-295 | 4.2 | Medium | 2025-11-25 |
| CVE-2025-13507 | Time-series operations may cause internal BSON size limit to be exceed | CWE-1284 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-12657 | Malformed KMIP response may result in access violation | CWE-754 | 5.0 | Medium | 2025-11-03 |
| CVE-2025-10491 | MongoDB Windows installation MSI may leave ACLs unset on custom installation directories | CWE-284 | 7.8 | High | 2025-09-15 |
| CVE-2025-10061 | Malformed $group Query May Cause MongoDB Server to Crash | CWE-20 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-10060 | MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation | CWE-672 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-10059 | MongoDB Server router will crash when incorrect lsid is set on a sharded query | CWE-732 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-7259 | Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash | CWE-843 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-6714 | Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections | CWE-834 | 7.5 | High | 2025-07-07 |
| CVE-2025-6713 | MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage | CWE-285 | 7.7 | High | 2025-07-07 |
| CVE-2025-6712 | MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation | CWE-400 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-6711 | Incomplete Redaction of Sensitive Information in MongoDB Server Logs | CWE-532 | 4.4 | Medium | 2025-07-07 |
| CVE-2025-6710 | Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB | CWE-674 | 7.5 | High | 2025-06-26 |

All 74 known CVE vulnerabilities affecting MongoDB Server with full Chinese analysis, references, and POCs where available.