CVE-2026-25612

Summary

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks.

Affected Software

VendorProductVersion RangeStatus
MongoDB IncMongoDB Server8.2 < 8.2.4affected
MongoDB IncMongoDB Server8.0 < 8.0.18affected
MongoDB IncMongoDB Server7.0 < 7.0.29affected

Weaknesses

  • CWE-412: CWE-412 Unrestricted Externally Accessible Lock

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References