Mongodb Server Vulnerabilities

Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

CVE-2026-9740

MongodbMongodb Server8.7HIGH

Keyfile contents are in MongoDB Server logs

CVE-2026-9735

MongodbMongodb Server6.8MEDIUM

Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

CVE-2026-9753

MongodbMongodb Server7.2HIGH

GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

CVE-2026-9752

MongodbMongodb Server7.1HIGH

Sensitive data could be written to mongod.log

CVE-2026-9751

MongodbMongodb Server6.8MEDIUM

Metadata name collision on $-prefixed fields causes post-auth server crash

CVE-2026-9750

MongodbMongodb Server7.1HIGH

Using MaxKey() may crash the server

CVE-2026-9749

MongodbMongodb Server7.1HIGH

$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

CVE-2026-9748

MongodbMongodb Server7.1HIGH

Crafted cross-shard merge aggregation crashes MongoDB Server

CVE-2026-9747

MongodbMongodb Server7.1HIGH

Server crashes in case of the use of exchange

CVE-2026-9746

MongodbMongodb Server7.1HIGH

Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

CVE-2026-9743

MongodbMongodb Server7.1HIGH

Authenticate command with specific mechanism parameter can trigger server crash

CVE-2026-9742

MongodbMongodb Server8.2HIGH

Client side encryption fails to encrypt values in a $vectorSearch

CVE-2026-9741

MongodbMongodb Server7.1HIGH

Indexing Flaws in MongoDB Server Affecting Various Versions

CVE-2026-8843

Mongodb, Inc.Mongodb Server7.1HIGH

Denial of Service Vulnerability in MongoDB Server Affecting Multiple Versions

CVE-2026-8202

Mongodb, Inc.Mongodb Server5.3MEDIUM

Denial-of-Service Vulnerability in MongoDB Server Products

CVE-2026-8336

Mongodb, Inc.Mongodb Server7.7HIGH

Use-after-free Vulnerability in MongoDB Field-Level Encryption Affects Multiple Versions

CVE-2026-8201

Mongodb, Inc.Mongodb Server6.1MEDIUM

Data Exposure Vulnerability in MongoDB Server

CVE-2026-8200

Mongodb, Inc.Mongodb Server4.8MEDIUM

Memory Usage Vulnerability in MongoDB Server by MongoDB

CVE-2026-8199

Mongodb, Inc.Mongodb Server7.1HIGH

Out-of-Bounds Memory Write Vulnerability in MongoDB Server

CVE-2026-8053

Mongodb, Inc.Mongodb Server8.7HIGH

Null Pointer Dereference in MongoDB Server Due to Empty Pipeline in Aggregation Functions

CVE-2026-8063

MongoDBMongodb Server7.1HIGH

Authorization Flaw in MongoDB User Management

CVE-2026-6915

MongodbMongodb Server5.3MEDIUM

Malware Mitigation Flaw in MongoDB Server from MongoDB, Inc.

CVE-2026-6914

MongodbMongodb Server7.1HIGH

Denial of Service Vulnerability in MongoDB Server by MongoDB

CVE-2026-5170

MongodbMongodb Server6MEDIUM

Memory Mismanagement in MongoDB Due to Aggregation Queries

CVE-2026-4358

MongoDBMongodb Server6.1MEDIUM

MongoDB Mongodb Server Vulnerabilities

Vulnerability Published:

Sort By:

9 June 2026

Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

Keyfile contents are in MongoDB Server logs

Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

Sensitive data could be written to mongod.log

Metadata name collision on $-prefixed fields causes post-auth server crash

Using MaxKey() may crash the server

$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

Crafted cross-shard merge aggregation crashes MongoDB Server

Server crashes in case of the use of exchange

Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

Authenticate command with specific mechanism parameter can trigger server crash

Client side encryption fails to encrypt values in a $vectorSearch

18 May 2026

Indexing Flaws in MongoDB Server Affecting Various Versions

13 May 2026

Denial of Service Vulnerability in MongoDB Server Affecting Multiple Versions

Denial-of-Service Vulnerability in MongoDB Server Products

Use-after-free Vulnerability in MongoDB Field-Level Encryption Affects Multiple Versions

Data Exposure Vulnerability in MongoDB Server

Memory Usage Vulnerability in MongoDB Server by MongoDB

12 May 2026

Out-of-Bounds Memory Write Vulnerability in MongoDB Server

7 May 2026

Null Pointer Dereference in MongoDB Server Due to Empty Pipeline in Aggregation Functions

29 April 2026

Authorization Flaw in MongoDB User Management

Malware Mitigation Flaw in MongoDB Server from MongoDB, Inc.

30 March 2026

Denial of Service Vulnerability in MongoDB Server by MongoDB

17 March 2026

Memory Mismanagement in MongoDB Due to Aggregation Queries