MongoDB Out-of-Memory Crash Vulnerability in Query Planner

Vulnerability

A vulnerability in the MongoDB Query Planner can lead to excessive memory consumption, causing an out-of-memory crash. The issue arises when the query planner processes complex queries, which can overwhelm system resources.

Impact

Exploitation of this vulnerability causes a denial-of-service condition: the MongoDB server runs out of memory and crashes.

Reproduction

To reproduce this vulnerability, create a collection and insert a document. Then, run one of the queries mentioned in the related Jira issue SERVER-113877, which will trigger the excessive memory usage in the query planner.

Remediation

Users can upgrade to MongoDB versions 8.3.0-rc0, 8.2.4, or 8.0.18 to address this vulnerability.
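
To check an inventory against the fixed releases listed above, the following added example (not code from MongoDB or from this advisory) classifies version strings such as those returned by `db.version()` in mongosh. The host names and the `classify`/`audit` helpers are constructed for illustration; branches the advisory does not mention are reported as "unknown" rather than guessed.

```javascript
// Fixed releases per branch, taken from the Remediation paragraph above.
const FIXED = { "8.0": "8.0.18", "8.2": "8.2.4", "8.3": "8.3.0-rc0" };

// Parse "X.Y.Z" or "X.Y.Z-rcN"; other formats (dev builds, typos) return null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?$/.exec(String(v).trim());
  if (!m) return null;
  return {
    branch: `${m[1]}.${m[2]}`,
    patch: Number(m[3]),
    // A final release sorts after every release candidate of the same patch.
    rc: m[4] === undefined ? Infinity : Number(m[4]),
  };
}

// Returns "fixed", "needs-upgrade", or "unknown" (branch not listed in the
// advisory, or a version string this parser does not understand).
function classify(version) {
  const cur = parseVersion(version);
  if (!cur || !(cur.branch in FIXED)) return "unknown";
  const fix = parseVersion(FIXED[cur.branch]);
  if (cur.patch !== fix.patch) {
    return cur.patch > fix.patch ? "fixed" : "needs-upgrade";
  }
  return cur.rc >= fix.rc ? "fixed" : "needs-upgrade";
}

// Constructed sample inventory: hypothetical hosts and versions.
const inventory = [
  { host: "db-a.example.internal", version: "8.0.17" },
  { host: "db-b.example.internal", version: "8.2.4" },
  { host: "db-c.example.internal", version: "8.3.0-rc0" },
  { host: "db-d.example.internal", version: "7.0.25" },
];

function audit(hosts) {
  return hosts.map((h) => ({ ...h, status: classify(h.version) }));
}

for (const row of audit(inventory)) {
  console.log(`${row.host}\t${row.version}\t${row.status}`);
}
```

Hosts reported as "unknown" need a manual check against the vendor's affected-version list, since this page names only the three fixed releases.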

Added: Feb 10, 2026, 7:37 PM
Updated: Feb 11, 2026, 1:28 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.