MongoDB Multiple Vulnerabilities

Release Date: 30 Apr 2026

RISK: Medium Risk

TYPE: Servers - Database Servers

Multiple vulnerabilities were identified in MongoDB. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, denial of service condition and security restriction bypass on the targeted system.

---

Impact

• Denial of Service
• Data Manipulation
• Security Restriction Bypass

---

System / Technologies affected

• MongoDB Server 7.0.0 versions prior to 7.0.32
• MongoDB Server 8.0.0 versions prior to 8.0.21
• MongoDB Server 8.1.* and prior versions
• MongoDB Server 8.2.0 versions prior to 8.2.7

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• https://www.mongodb.com/resources/products/alerts#security

---

Vulnerability Identifier

• CVE-2026-6914
• CVE-2026-6915

---

Source

• MongoDB

---

Related Link

• https://www.mongodb.com/resources/products/alerts#security
• https://jira.mongodb.org/browse/SERVER-119679
• https://jira.mongodb.org/browse/SERVER-119981