#VU122799 Resource exhaustion in MongoDB - CVE-2026-1847

 


Published: February 13, 2026


Vulnerability identifier: #VU122799
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-1847
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: MongoDB
Software vendor: MongoDB, Inc.

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote user can insert certain large documents into a replica set, leaving the replica set secondaries unable to fetch the oplog from the primary. This stalls replication inside the replica set and leads to a server crash.


Remediation

Install updates from the vendor's website.

External links