Mongodb: >> Mongodb >> 6.1.1 Security Vulnerabilities
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.
CVSS Score
7.2
EPSS Score
0.003
Published
2026-06-09
The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.
CVSS Score
5.9
EPSS Score
0.003
Published
2025-11-03
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-06-06