CERT-Bund: MongoDB Vulnerabilities Disclosed, Remote Attack Possible

CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 17th, 2026
Detected March 18th, 2026

Summary

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in MongoDB, versions prior to 8.3.0-rc0, 8.0.20, 7.0.31, and 8.2.6. These vulnerabilities allow for remote attacks, including information disclosure and arbitrary code execution. The advisory highlights a high CVSS Base Score of 8.8.

What changed

CERT-Bund has disclosed multiple vulnerabilities in various versions of MongoDB, including Open Source MongoDB versions prior to 8.3.0-rc0, 8.0.20, 7.0.31, and 8.2.6. These vulnerabilities have a high CVSS Base Score of 8.8 and a temporal score of 7.7, indicating a significant risk. Exploitation allows remote attackers to disclose information and execute arbitrary code on affected systems running Linux, UNIX, or Windows.

Organizations utilizing the affected MongoDB versions should immediately review their deployments and apply available mitigations or update to patched versions. Failure to address these vulnerabilities could lead to unauthorized access, data breaches, and system compromise. While no specific compliance deadline is mentioned, prompt action is recommended to prevent exploitation.

What to do next

  1. Review MongoDB deployments for versions prior to 8.3.0-rc0, 8.0.20, 7.0.31, and 8.2.6.
  2. Apply available mitigations or update to patched MongoDB versions.
  3. Monitor for further security advisories from CERT-Bund and MongoDB.
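
One way to carry out step 1, as an added example (not part of the CERT-Bund advisory or of MongoDB's tooling): it classifies version strings, such as those reported by `mongod --version` or `db.version()`, against the four thresholds listed above. It assumes each threshold is the first fixed release of its own release series (7.0, 8.0, 8.2, 8.3), which the advisory does not state explicitly; anything else is flagged for manual review, and the inventory is constructed sample data.

```python
import re

# Thresholds from the advisory. Assumption: each one is the first fixed
# release of its own release series (major.minor).
FIXED = {"7.0": "7.0.31", "8.0": "8.0.20", "8.2": "8.2.6", "8.3": "8.3.0-rc0"}

# Only plain releases and -rcN builds are accepted; other suffixes are rejected.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?$")


def parse(version):
    """Return a sortable key; a release candidate sorts before its final release."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {version!r}")
    major, minor, patch, rc = m.groups()
    # (0, n) for -rcN, (1, 0) for a final release.
    pre = (0, int(rc)) if rc is not None else (1, 0)
    return (int(major), int(minor), int(patch), pre)


def classify(version):
    """Return 'affected', 'fixed' or 'review' for one version string."""
    key = parse(version)
    fixed = FIXED.get(f"{key[0]}.{key[1]}")
    if fixed is None:
        return "review"  # series not listed in the advisory
    return "affected" if key < parse(fixed) else "fixed"


def triage(inventory):
    """Map host -> status for a {host: version} inventory."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "review"  # unparseable build string: check by hand
    return result


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {"db-a": "7.0.30", "db-b": "7.0.31", "db-c": "8.0.19", "db-d": "8.2.6",
          "db-e": "8.3.0-rc0", "db-f": "6.0.25", "db-g": "8.3.0-alpha0"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{SAMPLE[host]}\t{status}")
```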

Source document (simplified)

[WID-SEC-2026-0773] MongoDB: Multiple Vulnerabilities

  • CVSS Base Score: 8.8 (high)
  • CVSS Temporal Score: 7.7 (high)
  • Remote attack: yes
  • Date: 17.03.2026
  • Updated: 18.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX
  • Windows

Product description

MongoDB is an open-source document database.

Products

17.03.2026

  • Open Source MongoDB <8.3.0-rc0
  • Open Source MongoDB <8.0.20
  • Open Source MongoDB <7.0.31
  • Open Source MongoDB <8.2.6

Attack

An attacker can exploit multiple vulnerabilities in MongoDB to disclose information and to execute arbitrary code.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: CERT-Bund
Published: March 17th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Technology companies
Geographic scope: de

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Topics: Software Vulnerabilities, Data Security
