Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

mongo-express Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in mongo-express versions prior to 0.54.0. Endpoints that pass user-supplied input to the 'toBSON' method evaluate that input with Node's 'vm' module, which is not a security boundary: crafted input can reach the host's Function constructor from inside the vm context and run arbitrary commands on the server.

Impact

Exploitation of this vulnerability allows remote code execution on the server running mongo-express, with the privileges of the mongo-express process.

Reproduction

To reproduce this vulnerability, send a request containing a crafted document string to an endpoint that passes its input to the 'toBSON' method. Because that input is evaluated with the 'vm' module rather than parsed, the string can escape the vm context and execute commands on the server. A harmless proof of exploitation is to have the payload launch a local application such as Calculator on macOS, which demonstrates arbitrary code execution without damaging the host.

Remediation

Upgrade mongo-express to version 0.54.0 or later. Confirm the running version with 'npm ls mongo-express' in the deployment directory, and do not expose the mongo-express interface to untrusted networks while the upgrade is pending.

Added: Mar 12, 2026, 4:56 AM
Updated: Mar 12, 2026, 4:56 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 9.4
remediation: 7.7
relevance: 0.0
threat: 9.9
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.