MongoDB Ops Manager Webhook Command Execution Vulnerability

Vulnerability

A vulnerability exists in MongoDB Ops Manager that allows an administrative user to execute arbitrary commands by configuring webhooks with specific FreeMarker template syntax and then triggering those webhooks. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server where MongoDB Ops Manager is running.

Added: May 12, 2026, 9:06 PM
Updated: May 12, 2026, 9:06 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 7.5
exploitability: 4.8
remediation: 0.0
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.