MongoDB Inc — Vulnerabilities & Security Advisories 61

Browse all 61 CVE security advisories affecting MongoDB Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4359 | Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer — MongoDB C Driver | CWE-158 | 2.0 | Low | 2026-03-17 |
| CVE-2026-4358 | Memory safety issues in slot-based execution hash table spill — MongoDB Server | CWE-415 | 6.4 | Medium | 2026-03-17 |
| CVE-2026-4148 | ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators — MongoDB Server | CWE-416 | 8.8 | High | 2026-03-17 |
| CVE-2026-4147 | Stack memory disclosure in filemd5 command — MongoDB Server | CWE-457 | 6.5 | Medium | 2026-03-17 |
| CVE-2026-2303 | Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak — MongoDB Go Driver | CWE-183 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-2302 | Unsafe Reflection in Mongoid::Criteria.from_hash — MongoDB Ruby Driver | | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25613 | An unsafe cast in the MongoDB query planner can result in a segmentation fault. — MongoDB Server | CWE-704 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1849 | Mongod can run out of stack memory when expressions create deeply nested documents — MongoDB Server | CWE-674 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1850 | An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification — MongoDB Server | CWE-770 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25609 | profile command may permit unauthorized configuration — MongoDB Server | CWE-862 | 5.4 | Medium | 2026-02-10 |
| CVE-2026-25610 | Invalid $geoNear index hint may cause server crash — MongoDB Server | CWE-617 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1848 | Connections received from the proxy port may not count towards total accepted connections — MongoDB Server | CWE-770 | 7.5 | High | 2026-02-10 |
| CVE-2026-1847 | MongoDB Server may crash when inserting large documents — MongoDB Server | CWE-770 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25612 | Internal ResourceId collision may affect unrelated collections — MongoDB Server | CWE-412 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25611 | Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server — MongoDB Server | CWE-405 | 7.5 | High | 2026-02-10 |
| CVE-2025-11535 | MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories — MongoDB Connector for BI | CWE-276 | 7.8 (AI) | High (AI) | 2025-10-08 |
| CVE-2025-10491 | MongoDB Windows installation MSI may leave ACLs unset on custom installation directories — MongoDB Server | CWE-284 | 7.8 | High | 2025-09-15 |
| CVE-2025-10061 | Malformed $group Query May Cause MongoDB Server to Crash — MongoDB Server | CWE-20 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-10060 | MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation — MongoDB Server | CWE-672 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-10059 | MongoDB Server router will crash when incorrect lsid is set on a sharded query — MongoDB Server | CWE-732 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-7259 | Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash — MongoDB Server | CWE-843 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-6714 | Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections — MongoDB Server | CWE-834 | 7.5 | High | 2025-07-07 |
| CVE-2025-6713 | MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage — MongoDB Server | CWE-285 | 7.7 | High | 2025-07-07 |
| CVE-2025-6712 | MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation — MongoDB Server | CWE-400 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-6711 | Incomplete Redaction of Sensitive Information in MongoDB Server Logs — MongoDB Server | CWE-532 | 4.4 | Medium | 2025-07-07 |
| CVE-2025-6710 | Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB — MongoDB Server | CWE-674 | 7.5 | High | 2025-06-26 |
| CVE-2025-6709 | Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication — MongoDB Server | CWE-20 | 7.5 | High | 2025-06-26 |
| CVE-2025-6707 | Race condition in privilege cache invalidation cycle — MongoDB Server | CWE-863 | 4.2 | Medium | 2025-06-26 |
| CVE-2025-6706 | Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server — MongoDB Server | CWE-416 | 5.0 | Medium | 2025-06-26 |
| CVE-2025-3085 | MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked — MongoDB Server | CWE-299 | 8.1 | High | 2025-04-01 |

This page lists every published CVE security advisory associated with MongoDB Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.