MongoDB Server Privilege Escalation Vulnerability via $mergeCursors Stage
Vulnerability
A vulnerability in MongoDB Server's handling of the $mergeCursors stage in aggregation pipelines allows unauthorized users to access data without proper authorization. This issue affects MongoDB Server versions 8.0 prior to 8.0.7, 7.0 prior to 7.0.19, and 6.0 prior to 6.0.22.
Impact
Exploitation of this vulnerability could lead to unauthorized data access.
Remediation
Users can upgrade to MongoDB Server versions 8.0.7, 7.0.19, or 6.0.22 to address this vulnerability.
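To check an inventory against the fixed versions listed above, the following added example (not part of the original advisory or MongoDB's own tooling) classifies reported server version strings. The host names, the sample versions and the handling of pre-release suffixes are assumptions of this example.

```python
import re

# Fixed patch level per release series, taken from the advisory text.
FIXED = {(8, 0): 7, (7, 0): 19, (6, 0): 22}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.\-]+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'not-covered' or 'unparseable'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The advisory names only the 6.0, 7.0 and 8.0 series; it says
        # nothing about others, so they are not reported as safe.
        return "not-covered"
    if patch < fixed_patch:
        return "affected"
    if patch == fixed_patch and m.group(4):
        # Assumption of this example: a pre-release build of the fixed
        # patch level (e.g. "-rc0") is not trusted to carry the fix.
        return "affected"
    return "fixed"


def triage(inventory):
    """Group hosts by the classification of their reported version."""
    result = {}
    for host, version in sorted(inventory.items()):
        result.setdefault(classify(version), []).append(host)
    return result


# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "db-a.example.internal": "8.0.6",
    "db-b.example.internal": "8.0.7",
    "db-c.example.internal": "7.0.18",
    "db-d.example.internal": "6.0.22",
    "db-e.example.internal": "5.0.30",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as not-covered run a release series the advisory does not mention, so they need a separate check rather than being treated as unaffected.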
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
