MongoDB Denial-of-Service Vulnerability via Memory Exhaustion

Vulnerability

A denial-of-service vulnerability has been identified in MongoDB servers. The issue arises when a series of specially crafted, unauthenticated messages is sent to the server, leading to excessive memory consumption and causing the server to crash. The vulnerability is present in MongoDB versions 8.0.20, 8.0.18, 7.0.29, 7.0.31, 8.2.4, and 8.2.6.

Impact

Exploitation of this vulnerability can cause a MongoDB server to run out of available memory and crash.

Remediation

Users can upgrade to MongoDB versions 8.2.4, 8.0.18, 7.0.29, 8.0.20, 7.0.31, or 8.2.6 to address this vulnerability.

Added: Feb 10, 2026, 6:25 PM
Updated: Feb 11, 2026, 1:37 AM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.