Software Detail

Software Informaton Top

Database

Software Detail

MongoDB Comunity Server

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.mongodb.com/
Explanation	MongoDB is an open source software document-oriented database. It is developed and supported by MongoDB Inc. The above text is excerpted from [https://ja.wikipedia.org/wiki/MongoDB]. Unlike RDB, it is a Key:Value type database like Json. Since it can be registered in a flexible data format, it is effective when the data format cannot be decided at the beginning. For systems that do not require transaction processing, it allows for fast data manipulation. You can build a better system by using RDB and MongoDB in different ways. “Major Release” means a version of the MongoDB Server identified by a change in the number to the left of the first decimal point (X.x.x). “Rapid Release” means a version of the MongoDB Server identified by a change in the middle number in between the two decimal points (x.X.x). "Patch Release" means a version of the MongoDB Server identified by a change in the number to the right of the second decimal point (x.x.X).
Tag	オープンソース SSPL 商用ライセンス有り

Add Information URL

No	Type	Name	URL
1			https://www.mongodb.com/support-policy
2			https://www.mongodb.com/docs/upcoming/reference/versioning/#std-label-release-version-numbers
3			https://www.mongodb.com/support-policy/lifecycles
4			https://docs.mongodb.com/master/release-notes/
5			https://github.com/mongodb/mongo
6			https://docs.mongodb.com/manual/administration/security-checklist/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium
1	MongoDB 7.0	7.0.21	April 29, 2025	Aug. 15, 2023		0	4	7
2	MongoDB 6.0	6.0.24	April 29, 2025	July 4, 2022	July 31, 2025	0	3	4
3	MongoDB 5.3	5.3.2	June 23, 2022	March 23, 2022	June 30, 2022	0	0	0
4	MongoDB 5.2	5.2.1	Feb. 24, 2022	Jan. 19, 2022	April 30, 2022	0	0	0
5	MongoDB 5.1	5.1.1	Nov. 9, 2021	Nov. 9, 2021	June 30, 2025	0	0	0
6	MongoDB 5.0	5.0.31	Jan. 28, 2025	July 13, 2021	Oct. 31, 2024	0	5	4
7	MongoDB 4.4	4.4.4	Jan. 4, 2021	July 1, 2020	April 30, 2024	0	4	5
8	MongoDB 4.2	4.2.8	June 15, 2020	Aug. 1, 2019	April 30, 2023	0	4	8
9	MongoDB 4.0	4.0.28	Jan. 31, 2022	June 1, 2018	April 30, 2022	0	4	15
10	MongoDB 3.6	3.6.22	Feb. 8, 2021	Nov. 1, 2017	April 30, 2021	0	4	12
11	MongoDB 3.4	3.4.24	Jan. 27, 2020	Nov. 1, 2016	Jan. 31, 2020	1	4	2
12	MongoDB 3.2	3.2.22	Dec. 28, 2018	Oct. 1, 2015	Oct. 30, 2018	0	1	1
13	MongoDB 4.9	4.9.0			Jan. 1, 2000	0	0	0
14	MongoDB 4.8	4.8.0			Jan. 1, 2000	0	0	0
15	MongoDB 4.7	4.7.0			Jan. 1, 2000	0	0	0
16	MongoDB 4.5	4.5.1			Jan. 1, 2000	0	0	1
17	MongoDB 4.3	4.3.3			Jan. 1, 2000	0	3	7
18	MongoDB 3.4	3.4.9			Jan. 1, 2000	1	6	16
19	MongoDB 3.3	3.3.9			Jan. 1, 2000	0	1	1
20	MongoDB 3.2	3.2.9			Jan. 1, 2000	0	1	1
21	MongoDB 3.0	3.0.9			Jan. 1, 2000	0	2	1
22	MongoDB 2.6	2.6.9			Jan. 1, 2000	0	2	3
23	MongoDB 2.5	2.5.1			Jan. 1, 2000	0	1	3
24	MongoDB 2.4	2.4.9			Jan. 1, 2000	0	2	5
25	MongoDB 2.3	2.3.1			Jan. 1, 2000	0	1	4
26	MongoDB 2.2	2.2.7			Jan. 1, 2000	0	1	5
27	MongoDB 2.0	2.0.8			Jan. 1, 2000	0	1	5
28	MongoDB 1.8	1.8.0			Jan. 1, 2000	0	0	5
29	MongoDB 1.7	1.7.0			Jan. 1, 2000	0	1	5
30	MongoDB 1.6	1.6.0			Jan. 1, 2000	0	0	5
31	MongoDB 1.4	1.4.0			Jan. 1, 2000	0	0	5
32	MongoDB 1.2	1.2.0			Jan. 1, 2000	0	0	5
33	MongoDB 0.8	0.8.0			Jan. 1, 2000	0	0	5
34	MongoDB 0.7	0.7.0			Jan. 1, 2000	0	0	6
35	MongoDB 0.6	0.6.9			Jan. 1, 2000	0	0	6
36	MongoDB 0.5	0.5.0			Jan. 1, 2000	0	0	6
37	MongoDB 0.4	0.4.2			Jan. 1, 2000	0	0	6
38	MongoDB 0.3	0.3.0			Jan. 1, 2000	0	0	6
39	MongoDB 0.2	0.2.1			Jan. 1, 2000	0	0	6
40	MongoDB 0.1	0.1.1			Jan. 1, 2000	0	0	6
41	MongoDB 0.0	0.0.1			Jan. 1, 2000	0	0	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
1	6.5 -	MEDIUM Network	After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se…	CWE-416 Use After Free	CVE-2026-8336	cpe:2.3:a:mongodb:mongodb::	8.3.0 8.2.0	8.3.2 8.2.9	2026-05-18 21:54 2026-05-13	Show	GitHub Exploit DB Packet Storm

2	6.5 -	MEDIUM Network	Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilizatio…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-8202	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.34 8.0.23 8.2.9 8.3.2	2026-05-18 21:55 2026-05-13	Show	GitHub Exploit DB Packet Storm

3	8.8 -	HIGH Network	A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability req…	CWE-416 Use After Free	CVE-2026-8201	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.34 8.0.23 8.2.9 8.3.2	2026-05-14 07:50 2026-05-13	Show	GitHub Exploit DB Packet Storm

4	5.3 -	MEDIUM Network	When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This is…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-8200	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.34 8.0.23 8.2.9 8.3.2	2026-05-18 22:01 2026-05-13	Show	GitHub Exploit DB Packet Storm

5	6.5 -	MEDIUM Network	An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and …	CWE-1325 Improperly Controlled Sequential Memory Allocation	CVE-2026-8199	cpe:2.3:a:mongodb:mongodb::	7.0.0 8.0.0 8.2.0 8.3.0	7.0.34 8.0.23 8.2.9 8.3.2	2026-05-14 07:31 2026-05-13	Show	GitHub Exploit DB Packet Storm

6	8.8 -	HIGH Network	An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu…	CWE-787 Out-of-bounds Write	CVE-2026-8053	cpe:2.3:a:mongodb:mongodb::	5.0.0 6.0.0 7.0.0 8.0.0 8.2.0 8.3.0	5.0.33 6.0.28 7.0.34 8.0.23 8.2.9 8.3.2	2026-05-18 22:06 2026-05-13	Show	GitHub Exploit DB Packet Storm

7	6.5 -	MEDIUM Network	An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe…	CWE-476 NULL Pointer Dereference	CVE-2026-8063	cpe:2.3:a:mongodb:mongodb::	8.2.0	8.2.7	2026-05-12 00:26 2026-05-7	Show	GitHub Exploit DB Packet Storm

8	8.8 -	HIGH Network	A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.	CWE-416 Use After Free	CVE-2026-4148	cpe:2.3:a:mongodb:mongodb:8.3.0:rc1 cpe:2.3:a:mongodb:mongodb:8.3.0:alpha3 cpe:2.3:a:mongodb:mongodb:8.3.0:alpha2…	7.0.0 8.0.0 8.2.0	7.0.31 8.0.20 8.2.6	2026-04-11 02:38 2026-03-18	Show	GitHub Exploit DB Packet Storm

9	4.3 -	MEDIUM Network	An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.	CWE-457 CWE-908 Use of Uninitialized Variable Use of Uninitialized Resource	CVE-2026-4147	cpe:2.3:a:mongodb:mongodb:8.3.0:rc1 cpe:2.3:a:mongodb:mongodb:8.3.0:alpha3 cpe:2.3:a:mongodb:mongodb:8.3.0:alpha2…	7.0.0 8.0.0 8.2.0	7.0.31 8.0.20 8.2.6	2026-04-11 02:40 2026-03-18	Show	GitHub Exploit DB Packet Storm

10	6.5 -	MEDIUM Network	prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no prima…	NVD-CWE-Other	CVE-2024-8305	cpe:2.3:a:mongodb:mongodb::	7.3.0 7.0.0 6.0.0	7.3.4 7.0.13 6.0.17	2024-11-8 00:38 2024-10-22	Show	GitHub Exploit DB Packet Storm