Known Vulnerabilities for products from Mongodb
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mongodb".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-54313 json | Not Provided | 2026-06-23 | 2026-06-23 | |
| CVE-2026-48616 json | Not Provided | 2026-06-17 | 2026-06-17 | |
| CVE-2026-45717 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-45689 json | Not Provided | 2026-06-24 | 2026-06-25 | |
| CVE-2026-45688 json | Not Provided | 2026-06-24 | 2026-06-24 | |
| CVE-2026-45687 json | Not Provided | 2026-06-24 | 2026-06-24 | |
| CVE-2026-45685 json | Not Provided | 2026-06-02 | 2026-06-02 | |
| CVE-2026-42334 json | Not Provided | 2026-05-14 | 2026-05-14 | |
| CVE-2026-41862 json | Not Provided | 2026-06-23 | 2026-06-24 | |
| CVE-2026-41717 json | Not Provided | 2026-06-10 | 2026-06-11 | |
| CVE-2026-11933 json | A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to Jav... | Not Provided | 2026-06-12 | 2026-06-22 |
| CVE-2026-9754 json | An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuanc... | Not Provided | 2026-06-09 | 2026-06-18 |
| CVE-2026-9753 json | The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binar... | Not Provided | 2026-06-09 | 2026-06-18 |
| CVE-2026-9752 json | An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON Geo... | Not Provided | 2026-06-09 | 2026-06-18 |
| CVE-2026-9751 json | The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.l... | Not Provided | 2026-06-09 | 2026-06-12 |
| CVE-2026-9750 json | An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere wi... | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-9749 json | This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range pa... | Not Provided | 2026-06-09 | 2026-06-18 |
| CVE-2026-9748 json | The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats c... | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-9747 json | Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. | Not Provided | 2026-06-09 | 2026-06-15 |
| CVE-2026-9746 json | When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which caus... | Not Provided | 2026-06-09 | 2026-06-18 |
Known software with vulnerabilities from Mongodb
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mongodb | Bson | 1.0.0 |
| Application | Mongodb | Js-bson | 0.0.5 |
| Application | Mongodb | Kubernetes Operator | 0.10 |
| Application | Mongodb | Libbson | 0.2.0 |
| Application | Mongodb | Libmongocrypt | 0.3.0 |
| Application | Mongodb | Mongodb | - |
| Application | Mongodb | Mongodb Enterprise Kubernetes Operator | 0.10 |
| Application | Mongodb | Ops Manager | 1.6.0 |