Software Detail

Software Informaton Top

Database

Software Detail

MongoDB Comunity Server

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.mongodb.com/
Explanation	MongoDB is an open source software document-oriented database. It is developed and supported by MongoDB Inc. The above text is excerpted from [https://ja.wikipedia.org/wiki/MongoDB]. Unlike RDB, it is a Key:Value type database like Json. Since it can be registered in a flexible data format, it is effective when the data format cannot be decided at the beginning. For systems that do not require transaction processing, it allows for fast data manipulation. You can build a better system by using RDB and MongoDB in different ways. “Major Release” means a version of the MongoDB Server identified by a change in the number to the left of the first decimal point (X.x.x). “Rapid Release” means a version of the MongoDB Server identified by a change in the middle number in between the two decimal points (x.X.x). "Patch Release" means a version of the MongoDB Server identified by a change in the number to the right of the second decimal point (x.x.X).
Tag	SSPL 商用ライセンス有りオープンソース

Add Information URL

No	Type	Name	URL
1			https://www.mongodb.com/support-policy
2			https://www.mongodb.com/docs/upcoming/reference/versioning/#std-label-release-version-numbers
3			https://www.mongodb.com/support-policy/lifecycles
4			https://docs.mongodb.com/master/release-notes/
5			https://github.com/mongodb/mongo
6			https://docs.mongodb.com/manual/administration/security-checklist/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Security Support Service Pack Support	Critical	High	Medium
1	MongoDB 8.3	8.3.4	June 11, 2026	May 4, 2026	Oct. 31, 2029	Oct. 31, 2029	0	0	0
2	MongoDB 7.0	7.0.21	April 29, 2025	Aug. 15, 2023			0	5	11
3	MongoDB 6.0	6.0.24	April 29, 2025	July 4, 2022	July 31, 2025		0	3	4
4	MongoDB 5.3	5.3.2	June 23, 2022	March 23, 2022	June 30, 2022		0	0	0
5	MongoDB 5.2	5.2.1	Feb. 24, 2022	Jan. 19, 2022	April 30, 2022		0	0	0
6	MongoDB 5.1	5.1.1	Nov. 9, 2021	Nov. 9, 2021	June 30, 2025		0	0	0
7	MongoDB 5.0	5.0.31	Jan. 28, 2025	July 13, 2021	Oct. 31, 2024		0	5	4
8	MongoDB 4.4	4.4.4	Jan. 4, 2021	July 1, 2020	April 30, 2024		0	4	5
9	MongoDB 4.2	4.2.8	June 15, 2020	Aug. 1, 2019	April 30, 2023		0	4	8
10	MongoDB 4.0	4.0.28	Jan. 31, 2022	June 1, 2018	April 30, 2022		0	4	15
11	MongoDB 3.6	3.6.22	Feb. 8, 2021	Nov. 1, 2017	April 30, 2021		0	4	12
12	MongoDB 3.4	3.4.24	Jan. 27, 2020	Nov. 1, 2016	Jan. 31, 2020		1	4	2
13	MongoDB 3.2	3.2.22	Dec. 28, 2018	Oct. 1, 2015	Oct. 30, 2018		0	1	1
14	MongoDB 4.9	4.9.0			Jan. 1, 2000		0	0	0
15	MongoDB 4.8	4.8.0			Jan. 1, 2000		0	0	0
16	MongoDB 4.7	4.7.0			Jan. 1, 2000		0	0	0
17	MongoDB 4.5	4.5.1			Jan. 1, 2000		0	0	1
18	MongoDB 4.3	4.3.3			Jan. 1, 2000		0	3	7
19	MongoDB 3.4	3.4.9			Jan. 1, 2000		1	6	16
20	MongoDB 3.3	3.3.9			Jan. 1, 2000		0	1	1
21	MongoDB 3.2	3.2.9			Jan. 1, 2000		0	1	1
22	MongoDB 3.0	3.0.9			Jan. 1, 2000		0	2	1
23	MongoDB 2.6	2.6.9			Jan. 1, 2000		0	2	3
24	MongoDB 2.5	2.5.1			Jan. 1, 2000		0	1	3
25	MongoDB 2.4	2.4.9			Jan. 1, 2000		0	2	5
26	MongoDB 2.3	2.3.1			Jan. 1, 2000		0	1	4
27	MongoDB 2.2	2.2.7			Jan. 1, 2000		0	1	5
28	MongoDB 2.0	2.0.8			Jan. 1, 2000		0	1	5
29	MongoDB 1.8	1.8.0			Jan. 1, 2000		0	0	5
30	MongoDB 1.7	1.7.0			Jan. 1, 2000		0	1	5
31	MongoDB 1.6	1.6.0			Jan. 1, 2000		0	0	5
32	MongoDB 1.4	1.4.0			Jan. 1, 2000		0	0	5
33	MongoDB 1.2	1.2.0			Jan. 1, 2000		0	0	5
34	MongoDB 0.8	0.8.0			Jan. 1, 2000		0	0	5
35	MongoDB 0.7	0.7.0			Jan. 1, 2000		0	0	6
36	MongoDB 0.6	0.6.9			Jan. 1, 2000		0	0	6
37	MongoDB 0.5	0.5.0			Jan. 1, 2000		0	0	6
38	MongoDB 0.4	0.4.2			Jan. 1, 2000		0	0	6
39	MongoDB 0.3	0.3.0			Jan. 1, 2000		0	0	6
40	MongoDB 0.2	0.2.1			Jan. 1, 2000		0	0	6
41	MongoDB 0.1	0.1.1			Jan. 1, 2000		0	0	6
42	MongoDB 0.0	0.0.1			Jan. 1, 2000		0	0	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
1	5.5 -	MEDIUM Local	The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-9751	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.35 8.0.24 8.2.10 8.3.3	2026-06-13 05:43 2026-06-10	Show	GitHub Exploit DB Packet Storm

2	6.5 -	MEDIUM Network	An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from in…	CWE-617 Reachable Assertion	CVE-2026-9750	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.35 8.0.24 8.2.10 8.3.3	2026-06-16 02:10 2026-06-10	Show	GitHub Exploit DB Packet Storm

3	6.5 -	MEDIUM Network	The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechani…	CWE-617 Reachable Assertion	CVE-2026-9748	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.35 8.0.10 8.2.10 8.3.3	2026-06-16 02:10 2026-06-10	Show	GitHub Exploit DB Packet Storm

4	6.5 -	MEDIUM Network	Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.	CWE-617 Reachable Assertion	CVE-2026-9747	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.35 8.0.24 8.2.10 8.3.3	2026-06-16 01:58 2026-06-10	Show	GitHub Exploit DB Packet Storm

5	6.5 -	MEDIUM Network	In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may derefe…	CWE-476 NULL Pointer Dereference	CVE-2026-9743	cpe:2.3:a:mongodb:mongodb::	8.0.0	8.0.24	2026-06-16 01:56 2026-06-10	Show	GitHub Exploit DB Packet Storm

6	7.5 -	HIGH Network	A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain n…	CWE-674 Uncontrolled Recursion	CVE-2026-9740	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.35 8.0.24 8.2.10 8.3.3	2026-06-16 01:55 2026-06-10	Show	GitHub Exploit DB Packet Storm

7	5.5 -	MEDIUM Local	MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parame…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-9735	cpe:2.3:a:mongodb:mongodb::	8.3.0	8.3.3	2026-06-16 01:46 2026-06-10	Show	GitHub Exploit DB Packet Storm

8	6.5 -	MEDIUM Network	After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se…	CWE-416 Use After Free	CVE-2026-8336	cpe:2.3:a:mongodb:mongodb::	8.3.0 8.2.0	8.3.2 8.2.9	2026-05-18 21:54 2026-05-13	Show	GitHub Exploit DB Packet Storm

9	6.5 -	MEDIUM Network	Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilizatio…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-8202	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.34 8.0.23 8.2.9 8.3.2	2026-05-18 21:55 2026-05-13	Show	GitHub Exploit DB Packet Storm

10	8.8 -	HIGH Network	A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability req…	CWE-416 Use After Free	CVE-2026-8201	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.34 8.0.23 8.2.9 8.3.2	2026-05-14 07:50 2026-05-13	Show	GitHub Exploit DB Packet Storm