Skip to main content

Mongosh

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-1756 npm HIGH PATCH This Week

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Mongosh Codeready Linux Builder Eus Codeready Linux Builder For Arm64 Eus Codeready Linux Builder For Ibm Z Systems Eus +9
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-1693 npm LOW PATCH Monitor

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. Rated low severity (CVSS 3.9), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Mongosh
NVD
CVSS 3.1
3.9
EPSS
0.1%
CVE-2025-1692 npm MEDIUM PATCH This Month

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary. Rated medium severity (CVSS 6.3). No vendor patch available.

RCE Mongosh
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-1691 npm HIGH PATCH This Week

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Mongosh
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-1756 npm
EPSS 0% CVSS 7.5
HIGH PATCH This Week

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Mongosh Codeready Linux Builder Eus +11
NVD
CVE-2025-1693 npm
EPSS 0% CVSS 3.9
LOW PATCH Monitor

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. Rated low severity (CVSS 3.9), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Mongosh
NVD
CVE-2025-1692 npm
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary. Rated medium severity (CVSS 6.3). No vendor patch available.

RCE Mongosh
NVD
CVE-2025-1691 npm
EPSS 0% CVSS 7.6
HIGH PATCH This Week

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Mongosh
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy