Mongoid Arbitrary Code Execution Vulnerability via Hash Processing

Vulnerability

A vulnerability in the Mongoid library allows for arbitrary Ruby code execution under certain conditions. This issue arises when the 'Mongoid::Criteria.from_hash' method processes a maliciously crafted Hash value. The vulnerability is present in Mongoid versions 7.6.1, 8.0.12, 8.1.12, and 9.0.10.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of Ruby code within the application.

Remediation

Users can upgrade to Mongoid versions 8.1.12, 9.0.10, or 8.0.12 to address this vulnerability.

Added: Feb 10, 2026, 7:25 PM
Updated: Feb 11, 2026, 3:00 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 3.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.