CVE-2026-1848

State: PUBLISHED · Published: 2026-02-10 · Updated: 2026-02-11 · Assigner: mongodb

Description

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

CWE

CWE-770 — CWE-770 Allocation of Resources Without Limits or Throttling

Affected

MongoDB Inc / MongoDB Server — v=8.2 <8.2.4 [affected]; v=8.0 <8.0.18 [affected]; v=7.0 <7.0.29 [affected]

CVSS

4.0 score=8.2 severity=HIGH CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3.1 score=7.5 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

https://jira.mongodb.org/browse/SERVER-114695

Source

cvelistV5-main/cves/2026/1xxx/CVE-2026-1848.json