CVE-2026-1848
published 2026-02-10CVE-2026-1848: Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections…
PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.26%
17.6th percentile
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 7.0.0 < 7.0.29 | 7.0.29 |
| mongodb | mongodb | >= 8.0.0 < 8.0.18 | 8.0.18 |
| mongodb | mongodb | >= 8.2.0 < 8.2.4 | 8.2.4 |
| mongodb_inc | mongodb_server | >= 7.0 < 7.0.29 | 7.0.29 |
| mongodb_inc | mongodb_server | >= 8.0 < 8.0.18 | 8.0.18 |
| mongodb_inc | mongodb_server | >= 8.2 < 8.2.4 | 8.2.4 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.08.2HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv8.2HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wv25-wjh7-whjh: Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connecti
ghsa_unreviewed·2026-02-10
CVE-2026-1848 [HIGH] CWE-770 GHSA-wv25-wjh7-whjh: Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connecti
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.
OSV
CVE-2026-1848: Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connecti
osv·2026-02-10·CVSS 8.2
CVE-2026-1848 [HIGH] CVE-2026-1848: Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connecti
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.
No detection rules found.
No public exploits indexed.
2026-02-10
Published