MongoDB Server Use-After-Free Vulnerability Leading to Crash

Vulnerability

A use-after-free vulnerability has been identified in MongoDB Server that can be triggered by an authenticated user. It may crash the server or cause other unexpected behavior, even when that user has no authorization to shut the server down. The issue arises when certain aggregation framework operations are performed using a specific combination of rarely used pipeline expressions. Affected versions are MongoDB Server v6.0 prior to 6.0.21, v7.0 prior to 7.0.17, and v8.0 prior to 8.0.4, and only when the SBE (slot-based execution) engine is enabled.
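The version ranges above are the first thing an operator needs to check across a fleet. The following is an added example, not code from the advisory or from MongoDB: it parses a server version string (as returned by the `buildInfo` command or `db.version()`), tests it against the fixed releases named above, and combines that with the SBE precondition. Whether SBE is enabled is passed in as a boolean, because the advisory does not say how to determine it; branches the advisory does not list are reported as not affected, which is a limitation, not a claim about those branches.

```python
from typing import Tuple

# Fixed releases taken from the advisory: branch (major, minor) -> first fixed version.
FIXED_VERSIONS = {
    (6, 0): (6, 0, 21),
    (7, 0): (7, 0, 17),
    (8, 0): (8, 0, 4),
}


def parse_version(version: str) -> Tuple[Tuple[int, int, int], bool]:
    """Parse 'X.Y.Z', optionally with a '-rcN' pre-release tag or '+meta' suffix.

    Returns ((major, minor, patch), is_prerelease).
    """
    text = version.strip().split("+", 1)[0]          # drop build metadata
    core, _, suffix = text.partition("-")            # split off pre-release tag
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MongoDB version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch), suffix.startswith("rc")


def version_is_vulnerable(version: str) -> bool:
    """True if the release is on an affected branch and precedes the fixed patch.

    A release candidate of the fixed version (e.g. 8.0.4-rc1) is still counted
    as vulnerable, since it precedes the fixed release.
    """
    (major, minor, patch), prerelease = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return False  # branch not listed in the advisory
    release = (major, minor, patch)
    return release < fixed or (release == fixed and prerelease)


def assess(version: str, sbe_enabled: bool) -> str:
    """Combine the version check with the advisory's SBE precondition."""
    if not version_is_vulnerable(version):
        return "not affected: fixed release or branch not listed"
    if not sbe_enabled:
        return "vulnerable build, SBE disabled: not reachable per advisory, upgrade anyway"
    return "vulnerable: upgrade to the fixed release"
```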

Impact

Exploitation of this vulnerability crashes the MongoDB Server, disrupting service and potentially denying in-flight operations.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.5
remediation: 8.3
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.