CVE-2026-1850
BaseFortify
Publication date: 2026-02-10
Last updated on: 2026-02-25
Assigner: MongoDB, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | mongodb | From 8.0.0 (inc) to 8.0.18 (exc) |
| mongodb | mongodb | From 8.2.0 (inc) to 8.2.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the MongoDB Query Planner where complex queries can cause excessive memory usage. This excessive memory consumption can lead to an Out-Of-Memory (OOM) crash, causing the database service to stop functioning properly.
How can this vulnerability impact me? :
The impact of this vulnerability is primarily availability-related. Because complex queries can cause the MongoDB Query Planner to consume excessive memory and crash, it can lead to denial of service where the database becomes unavailable until it is restarted or recovered.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know