CVE-2026-1847Allocation of Resources Without Limits or Throttling in INC Mongodb Server

CWE-770Allocation of Resources Without Limits or Throttling5 documents5 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 83.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mongodb INC Mongodb ServerMongodb
Timeline
PublishedFeb 10

Description

Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5mongodb_inc/mongodb_server8.08.0.18+1
NVDmongodb/mongodb7.0.07.0.29+2

🔴Vulnerability Details

3
CVEList
MongoDB Server may crash when inserting large documents2026-02-10
GHSA
GHSA-7m7c-8m4q-hv3m: Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary2026-02-10
OSV
CVE-2026-1847: Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary2026-02-10

🕵️Threat Intelligence

1
Wiz
CVE-2026-1847 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-1847 — INC Mongodb Server vulnerability | cvebase