Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (mongodb) · only source for this CVE.
Description (source: CVE.org)
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
Analysis (AI-generated)
Plaintext credential exposure in MongoDB Server allows a local authenticated attacker to retrieve the LDAP query password from log files. When an administrator uses the runtime setParameter command to configure the ldapQueryPassword parameter, MongoDB writes the new password value to mongod.log in cleartext. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires: (1) local access to the MongoDB host with at least read permission on the mongod.log file, consistent with the CVSS AV:L/PR:L vector; (2) an administrator must actively use the runtime setParameter command to set or update the ldapQueryPassword parameter, so the exposure is created by that administrative action rather than being continuously present; (3) LDAP must be configured and in use (ldapQueryPassword is only relevant in LDAP-enabled deployments). … |
| Risk Assessment | The CVSS 5.5 Medium score reflects a genuine but bounded threat. … |
| Exploit Scenario | An attacker with a low-privileged local account on the MongoDB host waits for, or socially engineers, an administrator to issue a setParameter command updating the ldapQueryPassword, a routine operational task during credential rotations or initial LDAP setup. The attacker then reads the plaintext password from mongod.log and uses it to authenticate to the enterprise LDAP/Active Directory server, potentially enumerating users, groups, or other sensitive directory objects across the organization. … |
| Remediation | No vendor-released patch version has been independently confirmed at the time of analysis; the upstream fix is tracked in MongoDB JIRA SERVER-123370, but no tagged release was referenced. … |
Technique: Information Disclosure
Related identifiers: EUVD-2026-35867, GHSA-52qm-pr2g-7h6x