CVE-2026-1848

Summary

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

Affected Software

VendorProductVersion RangeStatus
MongoDB IncMongoDB Server8.2 < 8.2.4affected
MongoDB IncMongoDB Server8.0 < 8.0.18affected
MongoDB IncMongoDB Server7.0 < 7.0.29affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References