CVE-2026-1848Allocation of Resources Without Limits or Throttling in INC Mongodb Server

CWE-770Allocation of Resources Without Limits or Throttling5 documents5 sources
Severity
8.2HIGHNVD
EPSS
0.1%
top 81.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mongodb INC Mongodb ServerMongodb
Timeline
PublishedFeb 10

Description

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5mongodb_inc/mongodb_server8.28.2.4+2
NVDmongodb/mongodb7.0.07.0.29+2

🔴Vulnerability Details

3
GHSA
GHSA-wv25-wjh7-whjh: Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connecti2026-02-10
OSV
CVE-2026-1848: Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connecti2026-02-10
CVEList
Connections received from the proxy port may not count towards total accepted connections2026-02-10

🕵️Threat Intelligence

1
Wiz
CVE-2026-1848 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-1848 — INC Mongodb Server vulnerability | cvebase