
MongoDB server — Vulnerabilities & Security Advisories 97

All 97 CVE vulnerabilities found in MongoDB server, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities, weaknesses, and associated tags for MongoDB Server, a popular open-source document-oriented database. It aggregates data on known security flaws ranging from buffer overflows and injection attacks to configuration errors and denial-of-service conditions that affect the stability and confidentiality of database deployments. The content covers reported vulnerabilities from their initial disclosure through to current patch availability, providing a comprehensive view of the threat landscape. Users can track vendor-specific advisories issued by MongoDB Inc. to stay informed about emerging threats and required mitigations. The resource enables analysts to understand the specific characteristics and implications of particular weakness classes as they apply to this database engine. Additionally, it allows users to look up the complete vulnerability history of MongoDB Server releases to assess past security incidents and evaluate the product’s security posture over time. This centralized approach simplifies the process of monitoring security updates and understanding the context of each flaw. By consolidating these details, the page supports security professionals, developers, and administrators in making informed decisions about system hardening and upgrade schedules. The information presented is derived from official vendor disclosures and independent security research, ensuring accuracy and relevance for operational risk management.

Vendor: MongoDB Inc.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-25609 | profile command may permit unauthorized configuration | CWE-862 | 5.4 | Medium | 2026-02-10 |
| CVE-2026-25610 | Invalid $geoNear index hint may cause server crash | CWE-617 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1848 | Connections received from the proxy port may not count towards total accepted connections | CWE-770 | 7.5 | High | 2026-02-10 |
| CVE-2026-1847 | MongoDB Server may crash when inserting large documents | CWE-770 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25612 | Internal ResourceId collision may affect unrelated collections | CWE-412 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25611 | Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server | CWE-405 | 7.5 | High | 2026-02-10 |
| CVE-2025-14847 | Zlib compressed protocol header length confusion may allow memory read | CWE-130 | 7.5 | High | 2025-12-19 |
| CVE-2025-14345 | Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server | CWE-667 | 4.2 | Medium | 2025-12-09 |
| CVE-2025-13644 | MongoDB may be susceptible to Invariant Failure due to batched delete | CWE-617 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-13643 | MongoDB Server may allow queries to be terminated by unauthorized users | CWE-862 | 3.1 | Low | 2025-11-25 |
| CVE-2025-12893 | Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server | CWE-295 | 4.2 | Medium | 2025-11-25 |
| CVE-2025-13507 | Time-series operations may cause internal BSON size limit to be exceed | CWE-1284 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-12657 | Malformed KMIP response may result in access violation | CWE-754 | 5.0 | Medium | 2025-11-03 |
| CVE-2025-10491 | MongoDB Windows installation MSI may leave ACLs unset on custom installation directories | CWE-284 | 7.8 | High | 2025-09-15 |
| CVE-2025-10061 | Malformed $group Query May Cause MongoDB Server to Crash | CWE-20 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-10060 | MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation | CWE-672 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-10059 | MongoDB Server router will crash when incorrect lsid is set on a sharded query | CWE-732 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-7259 | Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash | CWE-843 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-6714 | Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections | CWE-834 | 7.5 | High | 2025-07-07 |
| CVE-2025-6713 | MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage | CWE-285 | 7.7 | High | 2025-07-07 |
| CVE-2025-6712 | MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation | CWE-400 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-6711 | Incomplete Redaction of Sensitive Information in MongoDB Server Logs | CWE-532 | 4.4 | Medium | 2025-07-07 |
| CVE-2025-6710 | Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB | CWE-674 | 7.5 | High | 2025-06-26 |
| CVE-2025-6709 | Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication | CWE-20 | 7.5 | High | 2025-06-26 |
| CVE-2025-6707 | Race condition in privilege cache invalidation cycle | CWE-863 | 4.2 | Medium | 2025-06-26 |
| CVE-2025-6706 | Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server | CWE-416 | 5.0 | Medium | 2025-06-26 |
| CVE-2025-3085 | MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked | CWE-299 | 8.1 | High | 2025-04-01 |
| CVE-2025-3084 | MongoDB Server may crash due to improper validation of explain command | CWE-703 | 6.5 | Medium | 2025-04-01 |
| CVE-2025-3083 | Malformed MongoDB wire protocol messages may cause mongos to crash | CWE-248 | 7.5 | High | 2025-04-01 |
| CVE-2025-3082 | User may override a view's collation and gain unauthorized access to underlying data | CWE-284 | 3.1 | Low | 2025-04-01 |
