MongoDB Server Load Balancer Configuration Denial-of-Service Vulnerability in mongos Component

Vulnerability

A denial-of-service vulnerability has been identified in the mongos component of MongoDB Server. The issue arises from improper handling of incomplete data, which can cause mongos to stop accepting new connections. The vulnerability affects MongoDB Server versions 6.0 prior to 6.0.23, 7.0 prior to 7.0.20, and 8.0 prior to 8.0.9. It specifically affects sharded clusters in which mongos is configured with load balancer support and fronted by HAProxy on the designated ports.

Impact

Exploitation of this vulnerability can lead to mongos becoming unresponsive to new connections, causing a denial-of-service condition in MongoDB sharded clusters.
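The following script is an added example for operators triaging this advisory; it is not part of the advisory and not MongoDB's own tooling. It encodes the three affected version ranges stated above and, for a constructed inventory of mongos nodes, reports which ones need patching. The inventory format, the node names and the "load balancer enabled" flag are assumptions made for the example; in practice the version comes from the mongos `buildInfo` output and the flag from your own deployment configuration.

```python
# Added example (not from the advisory): triage mongos nodes against the
# affected version ranges stated in the advisory text.

# Each affected branch is vulnerable in every release below its fix release.
# Ranges taken verbatim from the advisory: 6.0 < 6.0.23, 7.0 < 7.0.20, 8.0 < 8.0.9.
FIXED_RELEASES = {
    (6, 0): (6, 0, 23),
    (7, 0): (7, 0, 20),
    (8, 0): (8, 0, 9),
}


def parse_version(text):
    """Parse 'X.Y.Z' (optionally followed by a suffix such as '-rc0' or '-ent')
    into a (major, minor, patch) tuple. The suffix is ignored for comparison,
    so a pre-release of the fix version is treated as fixed; adjust if your
    fleet runs release candidates."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MongoDB version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version):
    """True when the version falls inside one of the advisory's affected ranges.
    Branches the advisory does not list (e.g. 5.0 or 8.1) are reported as not
    affected, because the advisory makes no statement about them."""
    v = parse_version(version)
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        return False
    return v < fixed


def triage(node):
    """Classify one mongos node. 'node' is a constructed dict with keys
    'name', 'version' and 'load_balancer' (bool, whether mongos load balancer
    support is enabled and HAProxy fronts it). The advisory only applies when
    both the version is affected and the load balancer configuration is in use."""
    if not is_affected(node["version"]):
        return "not affected"
    if node["load_balancer"]:
        return "patch required"
    return "affected version, not exposed"


def triage_inventory(inventory):
    """Return {node name: status} for a list of node dicts."""
    return {node["name"]: triage(node) for node in inventory}


# Constructed sample inventory (assumed names and versions, not real hosts).
SAMPLE_INVENTORY = [
    {"name": "mongos-a", "version": "7.0.19", "load_balancer": True},
    {"name": "mongos-b", "version": "7.0.20", "load_balancer": True},
    {"name": "mongos-c", "version": "6.0.22", "load_balancer": False},
    {"name": "mongos-d", "version": "8.0.8", "load_balancer": True},
    {"name": "mongos-e", "version": "8.1.0", "load_balancer": True},
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Nodes reported as "affected version, not exposed" still warrant upgrading on the normal schedule; the status only means the specific precondition named in the advisory (load balancer support for mongos behind HAProxy) is not met.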

Added: Jul 7, 2025, 3:50 PM
Updated: Jul 7, 2025, 3:50 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.