Search CVE reports


Toggle filters

21 – 30 of 1861 results


CVE-2026-9750

Medium priority
Needs evaluation

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between...

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-9749

Medium priority
Needs evaluation

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its...

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-9748

Medium priority
Needs evaluation

The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather...

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-9747

Medium priority
Needs evaluation

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-9746

Medium priority
Needs evaluation

When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-9743

Medium priority
Needs evaluation

In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline...

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-9742

Medium priority
Needs evaluation

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated...

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-9741

Medium priority
Needs evaluation

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage...

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-9740

Medium priority
Needs evaluation

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures...

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-9735

Medium priority
Needs evaluation

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log...

1 affected package

mongodb

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mongodb Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages