CVE-2026-25611
Memory Exhaustion Vulnerability in MongoDB Causing Server Crash
Publication date: 2026-02-10
Last updated on: 2026-02-10
Assigner: MongoDB, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | mongodb | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-405 | The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric." |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a series of specifically crafted, unauthenticated messages that can be sent to a MongoDB server.
These messages are designed to exhaust the available memory on the server, which can cause the MongoDB server to crash.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service condition where the MongoDB server crashes due to memory exhaustion.
Since the attack requires no authentication, an attacker can exploit this remotely without any privileges.
This can lead to service downtime and unavailability of data stored in the MongoDB server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know