Known Vulnerabilities for products from MongoDB
Listed below are 20 of the newest known vulnerabilities associated with the vendor "MongoDB".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45717 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-45685 json | Not Provided | 2026-06-02 | 2026-06-02 | |
| CVE-2026-42334 json | Not Provided | 2026-05-14 | 2026-05-14 | |
| CVE-2026-40352 json | Not Provided | 2026-04-17 | 2026-04-20 | |
| CVE-2026-40351 json | Not Provided | 2026-04-17 | 2026-04-20 | |
| CVE-2026-39857 json | Not Provided | 2026-04-15 | 2026-04-16 | |
| CVE-2026-34163 json | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-33888 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33877 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-31827 json | Not Provided | 2026-03-10 | 2026-03-11 | |
| CVE-2026-8336 json | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a ... | Not Provided | 2026-05-13 | 2026-05-18 |
| CVE-2026-8202 json | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim,... | Not Provided | 2026-05-13 | 2026-05-18 |
| CVE-2026-8201 json | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-si... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-8200 json | When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local se... | Not Provided | 2026-05-13 | 2026-05-18 |
| CVE-2026-8199 json | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, ... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-8063 json | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resol... | Not Provided | 2026-05-07 | 2026-05-11 |
| CVE-2026-8053 json | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privilege... | Not Provided | 2026-05-13 | 2026-05-18 |
| CVE-2026-6915 json | An authorization flaw in the user management command could allow an authenticated user to make limited changes to authenticat... | Not Provided | 2026-04-29 | 2026-05-06 |
| CVE-2026-6914 json | Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB ser... | Not Provided | 2026-04-29 | 2026-05-06 |
| CVE-2026-6231 json | The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in ... | Not Provided | 2026-04-13 | 2026-05-06 |
Known software with vulnerabilities from MongoDB
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mongodb | Bson | 1.0.0 |
| Application | Mongodb | Js-bson | 0.0.5 |
| Application | Mongodb | Kubernetes Operator | 0.10 |
| Application | Mongodb | Libbson | 0.2.0 |
| Application | Mongodb | Libmongocrypt | 0.3.0 |
| Application | Mongodb | Mongodb | - |
| Application | Mongodb | Mongodb Enterprise Kubernetes Operator | 0.10 |
| Application | Mongodb | Ops Manager | 1.6.0 |