CVE-2025-12119

Medium CVSS: 6.9

A mongoc_bulk_operation_t may read invalid memory if large options are passed.

Vendor

Product

CWE

Yayın Tarihi

2025-11-18 22:15:45

Güncelleme

2026-01-14 19:16:41

Source Identifier

cna@mongodb.com

KEV Date Added

CWE-825 C Driver MEDIUM Mongodb 2025

https://github.com/mongodb/mongo-c-driver/releases/tag/1.30.6 https://github.com/mongodb/mongo-c-driver/releases/tag/2.1.2 https://github.com/mongodb/mongo-php-driver/releases/tag/1.21.2 https://lists.debian.org/debian-lts-announce/2026/01/msg00009.html

Medium

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during…

Medium

CVE-2026-4358

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-fre…

Low

CVE-2026-4359

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a cr…

High

CVE-2026-25610

An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.

High

CVE-2026-25613

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compo…

Medium

CVE-2026-25609

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read…