8.7
CVE-2026-25611
- EPSS 0.06%
- Veröffentlicht 10.02.2026 18:16:37
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cna@mongodb.com
- CVE-Watchlists
- Unerledigt
Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerMongoDB Inc
≫
Produkt
MongoDB Server
Default Statusunaffected
Version
8.2
Version <
8.2.4
Status
affected
Version
8.0
Version <
8.0.18
Status
affected
Version
7.0
Version <
7.0.29
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.175 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@mongodb.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@mongodb.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-405 Asymmetric Resource Consumption (Amplification)
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."