Authorization Flaw in MongoDB User Management
CVE-2026-6915

5.3 MEDIUM

Key Information:

Vendor: MongoDB

CVE Published: 29 April 2026

What is CVE-2026-6915?

An authorization flaw has been identified in the user management command of MongoDB, allowing authenticated users to make unauthorized modifications to authentication-related data associated with other user accounts. This vulnerability poses risks to the integrity of account authentication, potentially enabling unauthorized access or changes that could compromise the security of user data.

Affected Version(s)

MongoDB Server 8.2.0 < 8.2.7

MongoDB Server 8.0.0 < 8.0.21

MongoDB Server 7.0.0 < 7.0.32

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
