Medium
CVE-2026-5170
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during…
Medium
CVE-2026-4358
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-fre…
Low
CVE-2026-4359
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a cr…
High
CVE-2026-25610
An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.
High
CVE-2026-25613
An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compo…
High
CVE-2026-1847
Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the o…