Vulnerabilities in MONGODB
24 results

CVE-2025-40906 (CRITICAL, EPSS 0.5%): BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities
CVE-2026-11933 (HIGH, EPSS 0.4%): Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
CVE-2026-9750 (HIGH, EPSS 0.4%): Metadata name collision on $-prefixed fields causes post-auth server crash
CVE-2026-9742 (HIGH, EPSS 0.3%): Authenticate command with specific mechanism parameter can trigger server crash
CVE-2026-9740 (HIGH, EPSS 0.3%): Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow
CVE-2026-9748 (HIGH, EPSS 0.3%): $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input
CVE-2026-9743 (HIGH, EPSS 0.3%): Aggregation sub-pipeline null dereference may allow DoS via crafted getMore
CVE-2026-9753 (HIGH, EPSS 0.3%): Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.
CVE-2025-14911 (HIGH, EPSS 0.3%): Integer Overflow in GridFS chunkSize Leading to Heap Allocation Failure
CVE-2026-9747 (HIGH, EPSS 0.3%): Crafted cross-shard merge aggregation crashes MongoDB Server
CVE-2026-9746 (HIGH, EPSS 0.3%): Server crashes in case of the use of exchange
CVE-2026-9752 (HIGH, EPSS 0.3%): GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation
CVE-2026-9749 (HIGH, EPSS 0.3%): Using MaxKey() may crash the server
CVE-2026-6914 (HIGH, EPSS 0.3%): MD5 checksum creation may cause availability loss
CVE-2026-9754 (HIGH, EPSS 0.2%): Stack memory disclosure in filemd5 command
CVE-2026-5170 (MEDIUM, EPSS 0.2%): Users could trigger a crash of mongod primaries during promotion to sharded
CVE-2025-12119 (MEDIUM, EPSS 0.2%): Bulk write with options may read invalid memory
CVE-2026-6915 (MEDIUM, EPSS 0.2%): Flaw in the updateUser Command May Allow Unauthorized Configuration Change
CVE-2025-11695 (HIGH, EPSS 0.2%): Configuration may unexpectedly disable certificate validation
CVE-2025-12100 (HIGH, EPSS 0.1%): MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories