
MongoDB Inc — Vulnerabilities & Security Advisories (61)

Browse all 61 CVE security advisories affecting MongoDB Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MongoDB Inc. develops a popular document-oriented NoSQL database designed for high-volume data storage and flexible schema management. Historically, its codebase has been associated with sixty-one recorded Common Vulnerabilities and Exposures, predominantly involving improper input validation and authentication bypasses. These flaws frequently enable remote code execution or unauthorized access, reflecting challenges in securing complex query parsers and network interfaces. While the company maintains a security response team and provides regular patches, the sheer volume of disclosed issues highlights the inherent risks in widely deployed, feature-rich database engines. Notable incidents have included critical flaws allowing unauthenticated data exfiltration, underscoring the necessity for rigorous configuration hardening. Organizations utilizing this platform must prioritize strict access controls and timely updates to mitigate the persistent threat landscape associated with its extensive attack surface and widespread adoption in enterprise environments.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4359 | Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer — MongoDB C Driver | CWE-158 | 2.0 | Low | 2026-03-17 |
| CVE-2026-4358 | Memory safety issues in slot-based execution hash table spill — MongoDB Server | CWE-415 | 6.4 | Medium | 2026-03-17 |
| CVE-2026-4148 | ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators — MongoDB Server | CWE-416 | 8.8 | High | 2026-03-17 |
| CVE-2026-4147 | Stack memory disclosure in filemd5 command — MongoDB Server | CWE-457 | 6.5 | Medium | 2026-03-17 |
| CVE-2026-2303 | Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak — MongoDB Go Driver | CWE-183 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-2302 | Unsafe Reflection in Mongoid::Criteria.from_hash — MongoDB Ruby Driver | | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25613 | An unsafe cast in the MongoDB query planner can result in a segmentation fault. — MongoDB Server | CWE-704 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1849 | Mongod can run out of stack memory when expressions create deeply nested documents — MongoDB Server | CWE-674 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1850 | An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification — MongoDB Server | CWE-770 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25609 | profile command may permit unauthorized configuration — MongoDB Server | CWE-862 | 5.4 | Medium | 2026-02-10 |
| CVE-2026-25610 | Invalid $geoNear index hint may cause server crash — MongoDB Server | CWE-617 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-1848 | Connections received from the proxy port may not count towards total accepted connections — MongoDB Server | CWE-770 | 7.5 | High | 2026-02-10 |
| CVE-2026-1847 | MongoDB Server may crash when inserting large documents — MongoDB Server | CWE-770 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25612 | Internal ResourceId collision may affect unrelated collections — MongoDB Server | CWE-412 | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25611 | Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server — MongoDB Server | CWE-405 | 7.5 | High | 2026-02-10 |
| CVE-2025-11535 | MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories — MongoDB Connector for BI | CWE-276 | 7.8 (AI) | High (AI) | 2025-10-08 |
| CVE-2025-10491 | MongoDB Windows installation MSI may leave ACLs unset on custom installation directories — MongoDB Server | CWE-284 | 7.8 | High | 2025-09-15 |
| CVE-2025-10061 | Malformed $group Query May Cause MongoDB Server to Crash — MongoDB Server | CWE-20 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-10060 | MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation — MongoDB Server | CWE-672 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-10059 | MongoDB Server router will crash when incorrect lsid is set on a sharded query — MongoDB Server | CWE-732 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-7259 | Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash — MongoDB Server | CWE-843 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-6714 | Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections — MongoDB Server | CWE-834 | 7.5 | High | 2025-07-07 |
| CVE-2025-6713 | MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage — MongoDB Server | CWE-285 | 7.7 | High | 2025-07-07 |
| CVE-2025-6712 | MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation — MongoDB Server | CWE-400 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-6711 | Incomplete Redaction of Sensitive Information in MongoDB Server Logs — MongoDB Server | CWE-532 | 4.4 | Medium | 2025-07-07 |
| CVE-2025-6710 | Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB — MongoDB Server | CWE-674 | 7.5 | High | 2025-06-26 |
| CVE-2025-6709 | Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication — MongoDB Server | CWE-20 | 7.5 | High | 2025-06-26 |
| CVE-2025-6707 | Race condition in privilege cache invalidation cycle — MongoDB Server | CWE-863 | 4.2 | Medium | 2025-06-26 |
| CVE-2025-6706 | Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server — MongoDB Server | CWE-416 | 5.0 | Medium | 2025-06-26 |
| CVE-2025-3085 | MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked — MongoDB Server | CWE-299 | 8.1 | High | 2025-04-01 |

This page lists every published CVE security advisory associated with MongoDB Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.