CVE-2026-25612
Lock Collision Deadlock in MongoDB Server Causes Service Unavailability
Publication date: 2026-02-10
Last updated on: 2026-02-10
Assigner: MongoDB, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | mongodb | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-412 | The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the internal locking mechanism of the MongoDB server. The server uses an internal encoding of resources to determine which lock to acquire. However, collections may unintentionally collide in this encoding, causing conflicting locks between them.
As a result, these collisions can lead to unavailability issues because the conflicting locks prevent normal access to the collections.
How can this vulnerability impact me?
The primary impact of this vulnerability is unavailability of MongoDB collections. Due to conflicting locks caused by the internal encoding collision, collections may become inaccessible or experience downtime.
This can disrupt applications relying on MongoDB for data storage and retrieval, potentially causing service interruptions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know