Resource exhaustion in MongoDB - CVE-2026-1847

 


Published: February 13, 2026


Vulnerability identifier: #VU122799
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-1847
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: MongoDB, Inc.
Affected software:
MongoDB

Detailed vulnerability description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote user can insert certain large documents into a replica set, leaving the replica set secondaries unable to fetch the oplog from the primary. This stalls replication inside the replica set and leads to a server crash.
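
The stall described above shows up as secondaries whose applied optime stops advancing while the primary's continues. The following is an added example, not part of the advisory or MongoDB's own code: it takes the document returned by `replSetGetStatus` and lists secondaries lagging beyond a threshold, from any cause. The function name, the 60-second threshold and the hostnames in the sample are assumptions.

```javascript
// Added example: flag secondaries whose replication has fallen behind the primary.
// Input shape follows the replSetGetStatus command (rs.status() in mongosh).
const DEFAULT_MAX_LAG_SECONDS = 60; // assumed alert threshold, tune per deployment

// Hypothetical helper; returns { primary, stalled: [{name, lagSeconds}], unhealthy: [name] }.
function findStalledSecondaries(status, maxLagSeconds = DEFAULT_MAX_LAG_SECONDS) {
  const members = status.members || [];
  const primary = members.find((m) => m.stateStr === "PRIMARY");
  if (!primary) {
    // No primary visible: lag cannot be computed, so report every member instead of guessing.
    return { primary: null, stalled: [], unhealthy: members.map((m) => m.name) };
  }
  const primaryMs = new Date(primary.optimeDate).getTime();
  const stalled = [];
  const unhealthy = [];
  for (const m of members) {
    if (m === primary || m.stateStr === "ARBITER") continue; // arbiters hold no data
    if (m.stateStr !== "SECONDARY") {
      unhealthy.push(m.name); // unreachable, RECOVERING, etc.: not replicating normally
      continue;
    }
    const lagSeconds = (primaryMs - new Date(m.optimeDate).getTime()) / 1000;
    if (lagSeconds > maxLagSeconds) stalled.push({ name: m.name, lagSeconds });
  }
  return { primary: primary.name, stalled, unhealthy };
}

// Constructed sample status (hostnames and times are made up for illustration).
const sampleStatus = {
  set: "rs0",
  members: [
    { name: "db1.example.internal:27017", stateStr: "PRIMARY",
      optimeDate: "2026-02-13T10:15:00Z" },
    { name: "db2.example.internal:27017", stateStr: "SECONDARY",
      optimeDate: "2026-02-13T10:14:58Z" },
    { name: "db3.example.internal:27017", stateStr: "SECONDARY",
      optimeDate: "2026-02-13T10:02:30Z" }, // stopped applying oplog entries
    { name: "db4.example.internal:27017", stateStr: "(not reachable/healthy)",
      optimeDate: "1970-01-01T00:00:00Z" },
  ],
};

console.log(JSON.stringify(findStalledSecondaries(sampleStatus), null, 2));
```

In mongosh the same function can be called as `findStalledSecondaries(rs.status())`.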


How to mitigate CVE-2026-1847

Install updates from the vendor's website.
