SB2026022520 - Multiple vulnerabilities in MongoDB Enterprise Advanced with IBM
Published: February 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Insecure Temporary File (CVE-ID: CVE-2020-15250)
CWE-ID: CWE-377 - Insecure Temporary File
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the application is using the test rule TemporaryFolder that stores sensitive information in temporary files in the system temporary directory, accessible by other system users. A local user can read temporary files and obtain sensitive information, related to the application.
2) Uncontrolled Recursion (CVE-ID: CVE-2025-48924)
CWE-ID: CWE-674 - Uncontrolled Recursion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. A remote attacker can trigger uncontrolled recursion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.