MongoDB Inc. — Vulnerabilities & Security Advisories 52

Browse all 52 CVE security advisories affecting MongoDB Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MongoDB Inc. develops a popular document-oriented NoSQL database designed for high-volume data storage and flexible schema management. With fifty recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically faced issues ranging from remote code execution and cross-site scripting to privilege escalation flaws. These vulnerabilities often stem from improper input validation, authentication bypasses, or insecure default configurations in earlier releases. Notable incidents include critical flaws allowing unauthenticated access to administrative interfaces, highlighting risks associated with default settings in production environments. The company actively addresses these concerns through regular security patches and updates, emphasizing the importance of proper configuration and timely maintenance. While the software remains widely adopted for its scalability, the frequency of CVEs underscores the necessity for rigorous security hygiene and continuous monitoring to mitigate potential exploitation vectors in enterprise deployments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-8063 | Post-auth null pointer dereference when aggregating against a view with empty search pipeline | MongoDB Server | CWE-476 | 6.5 | Medium | 2026-05-07 |
| CVE-2026-6691 | MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow | MongoDB C Driver | CWE-120 | 7.8 | High | 2026-05-06 |
| CVE-2026-6231 | bson_validate may skip validation when processing certain inputs | C Driver | CWE-20 | 4.3 | Medium | 2026-04-13 |
| CVE-2025-14847 | Zlib compressed protocol header length confusion may allow memory read | MongoDB Server | CWE-130 | 7.5 | High | 2025-12-19 |
| CVE-2025-14345 | Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server | MongoDB Server | CWE-667 | 4.2 | Medium | 2025-12-09 |
| CVE-2025-13644 | MongoDB may be susceptible to Invariant Failure due to batched delete | MongoDB Server | CWE-617 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-13643 | MongoDB Server may allow queries to be terminated by unauthorized users | MongoDB Server | CWE-862 | 3.1 | Low | 2025-11-25 |
| CVE-2025-12893 | Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server | MongoDB Server | CWE-295 | 4.2 | Medium | 2025-11-25 |
| CVE-2025-13507 | Time-series operations may cause internal BSON size limit to be exceed | MongoDB Server | CWE-1284 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-12657 | Malformed KMIP response may result in access violation | MongoDB Server | CWE-754 | 5.0 | Medium | 2025-11-03 |
| CVE-2025-11979 | Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior | Server | CWE-416 | 5.3 | Medium | 2025-10-20 |
| CVE-2023-4009 | Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager | MongoDB Ops Manager | CWE-648 | 7.2 | High | 2023-08-08 |
| CVE-2023-0342 | MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive | MongoDB Ops Manager | CWE-497 | 3.1 | Low | 2023-06-09 |
| CVE-2022-24272 | MongoDB Server (mongod) may crash in response to unexpected requests | MongoDB Server | CWE-617 | 6.5 | Medium | 2022-04-21 |
| CVE-2021-32040 | Large aggregation pipelines with a specific stage can crash mongod under default configuration | MongoDB Server | CWE-121 | 6.5 | Medium | 2022-04-12 |
| CVE-2021-32036 | Denial of Service and Data Integrity vulnerability in features command | MongoDB Server | CWE-770 | 5.4 | Medium | 2022-02-04 |
| CVE-2021-32039 | MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text | MongoDB for VS Code | CWE-522 | 5.5 | Medium | 2022-01-20 |
| CVE-2021-20330 | Specific replication command with malformed oplog entries can crash secondaries | MongoDB Server | CWE-20 | 6.5 | Medium | 2021-12-15 |
| CVE-2021-32037 | User may trigger invariant when allowed to send commands directly to shards | MongoDB Server | CWE-617 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-20332 | MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application | MongoDB Rust Driver | CWE-200 | 4.2 | Medium | 2021-08-02 |
| CVE-2021-20333 | Server log entry spoofing via newline injection | MongoDB Server | CWE-117 | 5.3 | Medium | 2021-07-23 |
| CVE-2021-20329 | Specific cstrings input may not be properly validated in the Go Driver | MongoDB Go Driver | CWE-1287 | 6.8 | Medium | 2021-06-10 |
| CVE-2021-20331 | MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application | MongoDB C# Driver | CWE-200 | 4.2 | Medium | 2021-05-13 |
| CVE-2021-20326 | Specially crafted query may result in a denial of service of mongod | MongoDB Server | CWE-20 | 6.5 | Medium | 2021-04-30 |
| CVE-2020-7924 | Specific command line parameter might result in accepting invalid certificate | MongoDB Database Tools | CWE-295 | 4.2 | Medium | 2021-04-12 |
| CVE-2021-20334 | Local privilege escalation in MongoDB Compass for Windows | MongoDB Compass | CWE-269 | 4.8 | Medium | 2021-04-06 |
| CVE-2018-25004 | Invariant failure when explaining a find with a UUID | MongoDB Server | CWE-20 | 4.9 | Medium | 2021-03-01 |
| CVE-2020-7929 | Specially crafted regex query can cause DoS | MongoDB Server | CWE-185 | 6.5 | Medium | 2021-03-01 |
| CVE-2021-20328 | MongoDB Java driver client-side field level encryption not verifying KMS host name | mongo-java-driver | CWE-295 | 6.4 | Medium | 2021-02-25 |
| CVE-2021-20327 | MongoDB Node.js client side field level encryption library may not be validating KMS certificate | MongoDB Node.js Driver mongodb-client-encryption module | CWE-295 | 6.4 | Medium | 2021-02-25 |

This page lists every published CVE security advisory associated with MongoDB Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.