Denial of Service Vulnerability in MongoDB Server by MongoDB
CVE-2026-5170

6MEDIUM

Key Information:

Vendor: Mongodb
Status: Mongodb Server
Vendor: CVE Published:; 30 March 2026

What is CVE-2026-5170?

A user with limited privileges on a MongoDB cluster can exploit a specific window during the promotion of a replica set to a sharded cluster, potentially crashing the mongod process. This disruption can lead to a denial of service by incapacitating the primary replica set, impacting accessibility and reliability for users and applications relying on the database.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MongoDB Server 8.2 < 8.2.2

MongoDB Server 8.0 < 8.0.18

MongoDB Server 7.0 < 7.0.31

References

https://jira.mongodb.org/browse/SERVER-101758

vendor-advisory

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2026
Vulnerability Reserved
Mar 30, 2026

JSON

Mongodb

What is CVE-2026-5170?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.