Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

MongoDB — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting MongoDB. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MongoDB serves as a leading NoSQL database platform primarily for storing and managing unstructured data in modern applications. Historically, it has faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations or authentication flaws. The platform's default open configuration has contributed to widespread ransomware attacks through exposed instances without proper access controls. While recent CVEs show improved security practices, legacy issues like weak default credentials and insufficient input validation remain concerns. MongoDB's document-oriented architecture and horizontal scaling capabilities continue to make it popular for big data applications, though security remains dependent on proper implementation and hardening.

Found 16 results / 24Clear Filters
CVE IDTitleCVSSSeverityPublished
CVE-2026-9740 Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow — MongoDB ServerCWE-674 7.5 High2026-06-09
CVE-2026-9735 Keyfile contents are in MongoDB Server logs — MongoDB ServerCWE-532 5.5 Medium2026-06-09
CVE-2026-9753 Server crash via malformed binary diff passed to $_internalApplyOplogUpdate. — MongoDB ServerCWE-1287 8.1 High2026-06-09
CVE-2026-9752 GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation — MongoDB ServerCWE-476 6.5 Medium2026-06-09
CVE-2026-9751 Sensitive data could be written to mongod.log — MongoDB ServerCWE-532 5.5 Medium2026-06-09
CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash — MongoDB ServerCWE-617 6.5 Medium2026-06-09
CVE-2026-9749 Using MaxKey() may crash the server — MongoDB ServerCWE-617 6.5 Medium2026-06-09
CVE-2026-9748 $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input — MongoDB ServerCWE-617 6.5 Medium2026-06-09
CVE-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server — MongoDB ServerCWE-617 6.5 Medium2026-06-09
CVE-2026-9746 Server crashes in case of the use of exchange — MongoDB ServerCWE-617 6.5 Medium2026-06-09
CVE-2026-9743 Aggregation sub-pipeline null dereference may allow DoS via crafted getMore — MongoDB serverCWE-476 6.5 Medium2026-06-09
CVE-2026-9742 Authenticate command with specific mechanism parameter can trigger server crash — MongoDB ServerCWE-1287 7.5 High2026-06-09
CVE-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch — MongoDB ServerCWE-319 6.5 Medium2026-06-09
CVE-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change — MongoDB ServerCWE-1284 6.3 Medium2026-04-29
CVE-2026-6914 MD5 checksum creation may cause availability loss — MongoDB ServerCWE-191 6.5 Medium2026-04-29
CVE-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded — MongoDB ServerCWE-617 5.3 Medium2026-03-30

This page lists every published CVE security advisory associated with MongoDB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.