CVE-2026-1850

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

C

omplex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-114126	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb:::::-:::*
	cpe:2.3:a:mongodb:mongodb:::::-:::*

History

25 Feb 2026, 17:11

Type	Values Removed	Values Added
First Time		Mongodb mongodb Mongodb
Summary		(es) Consultas complejas pueden causar un uso excesivo de memoria en el Planificador de Consultas de MongoDB, resultando en un fallo por falta de memoria.
References	~~() https://jira.mongodb.org/browse/SERVER-114126 -~~	() https://jira.mongodb.org/browse/SERVER-114126 - Vendor Advisory
CPE		cpe:2.3:a:mongodb:mongodb:::::-:::*

10 Feb 2026, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-10 19:15

Updated : 2026-02-25 17:11

NVD link : CVE-2026-1850

Mitre link : CVE-2026-1850

CVE.ORG link : CVE-2026-1850

JSON object : View

Products Affected

mongodb

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2026-1850", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-10T19:15:51.633", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-114126", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash."}, {"lang": "es", "value": "Consultas complejas pueden causar un uso excesivo de memoria en el Planificador de Consultas de MongoDB, resultando en un fallo por falta de memoria."}], "lastModified": "2026-02-25T17:11:10.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "EAD79FD4-B8A1-463B-A796-BCA50C8A0020", "versionEndExcluding": "8.0.18", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "416DE712-D5B3-4E88-9F5A-17BDDDFE6039", "versionEndExcluding": "8.2.4", "versionStartIncluding": "8.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}