[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-11933":3,"news-by-cve-CVE-2026-11933-10":60},{"assigner_org":4,"assigner_short_name":4,"cvss_version":5,"cvss_vector":6,"references_preview":7,"has_ai_summary":11,"id":12,"cvss_score":13,"nvd_cvss_vector":6,"nvd_cvss_severity":14,"in_kev":11,"has_exploit":11,"has_workaround":11,"attack_technique_count":15,"date_updated":16,"kev_ransomware_use":11,"has_solution":11,"exploit_count":17,"affected_product_count":18,"affected_products_preview":19,"sectors":25,"attack_tactics":26,"source_identifier":29,"reference_count":18,"description":30,"sources":31,"state":33,"title":34,"cvss_severity":14,"tags":35,"has_nuclei_templates":11,"has_attack_graph":36,"weaknesses":37,"date_published":40,"nvd_cvss_score":13,"attack_techniques":41,"nuclei_template_count":17,"vendor_context":53,"cvss_source":32,"remediation_summary":59},"","3.1","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[8],{"url":9,"source":10},"https://jira.mongodb.org/browse/SERVER-128125","cvelist",false,"CVE-2026-11933",8.8,"HIGH",2,"2026-06-12T02:16:38Z",0,1,[20],{"vendor":21,"product":21,"sector":22,"subsector":23,"deployment":24},"MongoDB","databases","nosql","on-prem",[22],[27,28],"Initial Access","Privilege Escalation","a39b4221-9bd0-4244-95fc-f3e2e07f1deb","A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript (for example, via $where or $function) can cause the server to access memory that has already been freed. This may result in disclosure of information from the mongod process memory or a denial of service through a server crash.",[10,32],"nvd","PUBLISHED","Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion",[],true,[38],{"cwe_id":39,"name":4},"CWE-787","2026-06-12T01:57:32Z",[42,48],{"tactic_name":27,"url":43,"confidence":44,"technique_id":45,"technique_name":46,"tactic":47},"https://attack.mitre.org/techniques/T1190/","high","T1190","Exploit Public-Facing Application","initial-access",{"confidence":44,"technique_id":49,"technique_name":50,"tactic":51,"tactic_name":28,"url":52},"T1068","Exploitation for Privilege Escalation","privilege-escalation","https://attack.mitre.org/techniques/T1068/",[54],{"subsector":23,"vendor":55,"vendor_type":56,"country":57,"aliases":58,"sector":22},"mongodb","commercial","US",[],{"has_patch":11,"has_workaround":11},{"cve_id":12,"items":61,"total":17},[]]