Known Vulnerabilities for products from MongoDB
Listed below are 20 of the newest known vulnerabilities associated with the vendor "MongoDB".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34163 | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-5170 | Not Provided | 2026-03-30 | 2026-03-30 | |
| CVE-2026-4359 | A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash i... | Not Provided | 2026-03-17 | 2026-04-02 |
| CVE-2026-4358 | A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or ... | Not Provided | 2026-03-17 | 2026-04-02 |
| CVE-2022-24272 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-04-21 | 2022-05-11 |
| CVE-2021-32050 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-08-29 | 2023-10-06 |
| CVE-2021-32040 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-04-12 | 2023-02-03 |
| CVE-2021-32039 | Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code ... | 5.5 - MEDIUM | 2022-01-20 | 2024-01-23 |
| CVE-2021-32037 | An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation re... | 6.5 - MEDIUM | 2021-11-24 | 2024-01-23 |
| CVE-2021-32036 | An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a hi... | 7.1 - HIGH | 2022-02-04 | 2024-01-23 |
| CVE-2021-20335 | For MongoDB Ops Manager <= 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, ... | 4.6 - MEDIUM | 2021-02-11 | 2024-01-23 |
| CVE-2021-20334 | A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary softw... | 7.8 - HIGH | 2021-04-06 | 2021-04-14 |
| CVE-2021-20333 | Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entrie... | 5.3 - MEDIUM | 2021-07-23 | 2024-01-23 |
| CVE-2021-20332 | Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the ... | 4.4 - MEDIUM | 2021-08-02 | 2024-01-23 |
| CVE-2021-20331 | Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command... | 4.9 - MEDIUM | 2021-05-13 | 2024-01-23 |
| CVE-2021-20330 | An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplo... | 6.5 - MEDIUM | 2021-12-15 | 2024-01-23 |
| CVE-2021-20329 | Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malic... | 6.5 - MEDIUM | 2021-06-10 | 2024-01-23 |
| CVE-2021-20328 | Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host nam... | 6.8 - MEDIUM | 2021-02-25 | 2021-06-11 |
| CVE-2021-20327 | A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s ... | 6.8 - MEDIUM | 2021-02-25 | 2021-03-04 |
| CVE-2021-20326 | A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB In... | 6.5 - MEDIUM | 2021-04-30 | 2024-01-23 |
Known software with vulnerabilities from MongoDB
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mongodb | Bson | 1.0.0 |
| Application | Mongodb | Js-bson | 0.0.5 |
| Application | Mongodb | Kubernetes Operator | 0.2 |
| Application | Mongodb | Libbson | 0.2.0 |
| Application | Mongodb | Libmongocrypt | 0.3.0 |
| Application | Mongodb | Mongodb | - |
| Application | Mongodb | Mongodb Enterprise Kubernetes Operator | 0.2 |
| Application | Mongodb | Ops Manager | 1.6.0 |