Out-of-Memory Crash in MongoDB Query Planner
CVE-2026-1850

7.1HIGH

Key Information:

Vendor

MongoDB
Status
Mongodb Server
Vendor
CVE Published:
10 February 2026

What is CVE-2026-1850?

This vulnerability in MongoDB's Query Planner can lead to excessive memory consumption when processing complex queries. The resulting out-of-memory condition can crash the database server, affecting application stability and availability. It is crucial for users to be aware of this issue, as it may compromise data integrity and service continuity.

Affected Version(s)

MongoDB Server 8.0 < 8.0.18

MongoDB Server 8.2 < 8.2.4

References

https://jira.mongodb.org/browse/SERVER-114126

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.