CVE-2026-25611
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2Tags
Description
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
Analysis
MongoDB instances are vulnerable to denial of service attacks when processing specially crafted unauthenticated messages that trigger memory exhaustion and server crashes. An unauthenticated remote attacker can exploit this vulnerability to disable MongoDB availability without requiring valid credentials or user interaction. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all MongoDB instances and document network exposure; implement network segmentation to restrict MongoDB port access (default 27017) to authenticated application servers only. Within 7 days: Deploy WAF or firewall rules to block malformed connection attempts; enable MongoDB connection authentication and audit logging; establish monitoring alerts for abnormal memory consumption and connection patterns. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today