CVE-2026-6915

EPSS 0.05%
Veröffentlicht 29.04.2026 17:16:41
Zuletzt bearbeitet 06.05.2026 20:08:44
Quelle cna@mongodb.com
CVE-Watchlists
Login
Unerledigt
Login

Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mongodb ≫ Mongodb SwEdition- Version >= 7.0.0 < 7.0.32

Mongodb ≫ Mongodb SwEdition- Version >= 8.0.0 < 8.0.21

Mongodb ≫ Mongodb SwEdition- Version >= 8.2.0 < 8.2.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.142

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
cna@mongodb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@mongodb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://jira.mongodb.org/browse/SERVER-119679

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-6915

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-6915

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-6915

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-6915