Known Vulnerabilities for products from MongoDB
Listed below are 20 of the newest known vulnerabilities associated with the vendor "MongoDB".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40352 json | Not Provided | 2026-04-17 | 2026-04-20 | |
| CVE-2026-40351 json | Not Provided | 2026-04-17 | 2026-04-20 | |
| CVE-2026-39857 json | Not Provided | 2026-04-15 | 2026-04-16 | |
| CVE-2026-34163 json | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-33888 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33877 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-31827 json | Not Provided | 2026-03-10 | 2026-03-11 | |
| CVE-2026-6231 json | Not Provided | 2026-04-13 | 2026-04-13 | |
| CVE-2026-5170 json | A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the... | Not Provided | 2026-03-30 | 2026-04-02 |
| CVE-2026-4359 json | A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash i... | Not Provided | 2026-03-17 | 2026-04-02 |
| CVE-2026-4358 json | A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or ... | Not Provided | 2026-03-17 | 2026-04-02 |
| CVE-2026-4148 json | A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a ... | Not Provided | 2026-03-17 | 2026-04-10 |
| CVE-2026-4147 json | An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuanc... | Not Provided | 2026-03-17 | 2026-04-10 |
| CVE-2023-4009 json | In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project ow... | 7.2 - HIGH | 2023-08-08 | 2023-08-31 |
| CVE-2023-1409 json | If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that ... | 7.5 - HIGH | 2023-08-23 | 2023-09-21 |
| CVE-2023-0437 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2024-01-12 | 2024-01-24 |
| CVE-2023-0436 json | The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and ... | 7.5 - HIGH | 2023-11-07 | 2023-11-14 |
| CVE-2023-0342 json | MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include ... | 5.3 - MEDIUM | 2023-06-09 | 2023-06-30 |
| CVE-2022-48282 json | Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary co... | 7.2 - HIGH | 2023-02-21 | 2023-06-21 |
| CVE-2022-24272 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-04-21 | 2022-05-11 |
Known software with vulnerabilities from MongoDB
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mongodb | Bson | 1.0.0 |
| Application | Mongodb | Js-bson | 0.0.5 |
| Application | Mongodb | Kubernetes Operator | 0.10 |
| Application | Mongodb | Libbson | 0.2.0 |
| Application | Mongodb | Libmongocrypt | 0.3.0 |
| Application | Mongodb | Mongodb | - |
| Application | Mongodb | Mongodb Enterprise Kubernetes Operator | 0.10 |
| Application | Mongodb | Ops Manager | 1.6.0 |