MongoDB Stack Memory Exposure Vulnerability via FileMD5 Command

Vulnerability

A vulnerability exists in MongoDB that allows an authenticated user with the read role to access limited amounts of uninitialized stack memory. This is achieved through specially crafted use of the filemd5 command.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive stack memory, potentially allowing for information disclosure.

Remediation

Users can upgrade to MongoDB versions 8.3, 8.0.20, or 7.0.31 to address this vulnerability.

Added: Mar 17, 2026, 4:20 PM
Updated: Mar 17, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.