mongodb

Top products

The 15 most recently published vulnerabilities affecting mongodb.

• CVE-2026-11933Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion8.8Jun 12, 2026
• CVE-2026-9740Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow7.5Jun 9, 2026
• CVE-2026-9735Keyfile contents are in MongoDB Server logs5.5Jun 9, 2026
• CVE-2026-9754Stack memory disclosure in filemd5 command6.5Jun 9, 2026
• CVE-2026-9753Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.8.1Jun 9, 2026
• CVE-2026-9752GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation6.5Jun 9, 2026
• CVE-2026-9751Sensitive data could be written to mongod.log5.5Jun 9, 2026
• CVE-2026-9750Metadata name collision on $-prefixed fields causes post-auth server crash6.5Jun 9, 2026
• CVE-2026-9749Using MaxKey() may crash the server6.5Jun 9, 2026
• CVE-2026-9748$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input6.5Jun 9, 2026
• CVE-2026-9747Crafted cross-shard merge aggregation crashes MongoDB Server6.5Jun 9, 2026
• CVE-2026-9746Server crashes in case of the use of exchange6.5Jun 9, 2026
• CVE-2026-9743Aggregation sub-pipeline null dereference may allow DoS via crafted getMore6.5Jun 9, 2026
• CVE-2026-9742Authenticate command with specific mechanism parameter can trigger server crash7.5Jun 9, 2026
• CVE-2026-9741Client side encryption fails to encrypt values in a $vectorSearch6.5Jun 9, 2026