MongoDB DoS Vulnerability Advisory - CVSS 5.3
Summary
CERT-Bund issued security advisory WID-SEC-2026-0920 disclosing a denial of service vulnerability in MongoDB with CVSS Base Score 5.3 (medium) and Temporal Score 4.6 (medium). The vulnerability affects MongoDB versions prior to 8.3.0-rc0, 8.2.2, 8.0.18, and 7.0.31 across Linux, UNIX, and Windows platforms. A remote, authenticated attacker can exploit this flaw to conduct a DoS attack; mitigations are available.
What changed
CERT-Bund published advisory WID-SEC-2026-0920 disclosing CVE details for a MongoDB denial of service vulnerability. The flaw allows a remote, authenticated attacker to trigger DoS conditions in affected MongoDB instances running versions prior to 8.3.0-rc0, 8.2.2, 8.0.18, and 7.0.31 on Linux, UNIX, and Windows systems.
Organizations running affected MongoDB deployments should verify their current versions immediately and apply available patches or mitigations. Priority should be given to production database environments. No specific compliance deadline or regulatory penalty framework is associated with this advisory.
What to do next
- Identify MongoDB instances running affected versions (prior to 8.3.0-rc0, 8.2.2, 8.0.18, 7.0.31)
- Apply available patches or mitigations to vulnerable systems
- Verify mitigation effectiveness through testing
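For the first step, a version string can be checked against the fixed releases listed in the advisory. This is an added example, not part of the CERT-Bund advisory or MongoDB tooling. It assumes each fixed release applies to its own release branch, that a release candidate sorts before the final release of the same number, and that versions on branches the advisory does not list need manual review; the hostnames and sample versions are constructed.

```python
import re

# Fixed release per release branch, taken from the advisory's product list.
FIXED = {
    (7, 0): "7.0.31",
    (8, 0): "8.0.18",
    (8, 2): "8.2.2",
    (8, 3): "8.3.0-rc0",
}

# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = {
    "db-prod-01": "7.0.30",
    "db-prod-02": "8.0.18",
    "db-stage-01": "v8.2.1",
    "db-dev-01": "8.3.0-rc0",
    "db-legacy-01": "6.0.20",
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?$")


def parse(version):
    """Return a sortable key (major, minor, patch, is_final, rc_number)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {version!r}")
    major, minor, patch = (int(g) for g in m.groups()[:3])
    rc = m.group(4)
    # Assumption: an -rcN build sorts before the final release of that number.
    return (major, minor, patch, 0 if rc is not None else 1, int(rc or 0))


def status(version):
    """Classify a version string as 'affected', 'fixed' or 'review'."""
    key = parse(version)
    branch = key[:2]
    if branch in FIXED:
        return "affected" if key < parse(FIXED[branch]) else "fixed"
    if branch > max(FIXED):
        return "fixed"   # assumption: branches after 8.3 carry the fix
    return "review"      # below a listed fix, but no fix listed for this branch


def triage(inventory):
    """Map each host to the status of its reported version."""
    return {host: status(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {result}")
```

The version strings are the kind reported by `db.version()` or `mongod --version`; anything that does not match the expected pattern raises an error rather than being silently classified.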
Source document (simplified)
[WID-SEC-2026-0920] MongoDB: Vulnerability allows denial of service
- CVSS Base Score: 5.3 (medium)
- CVSS Temporal Score: 4.6 (medium)
- Remote attack: yes
- Date: 30.03.2026
- Last updated: 31.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- UNIX
- Windows
Product description
MongoDB is an open-source document database.
Products
30.03.2026
- Open Source MongoDB <8.3.0-rc0
- Open Source MongoDB <8.2.2
- Open Source MongoDB <8.0.18
- Open Source MongoDB <7.0.31
Attack
A remote, authenticated attacker can exploit a vulnerability in MongoDB to carry out a denial of service attack.