cbcvebase.
CVE-2026-1848
published 2026-02-10

CVE-2026-1848: Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections…

PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.26%
17.6th percentile
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

Affected

6 ranges
VendorProductVersion rangeFixed in
mongodbmongodb>= 7.0.0 < 7.0.297.0.29
mongodbmongodb>= 8.0.0 < 8.0.188.0.18
mongodbmongodb>= 8.2.0 < 8.2.48.2.4
mongodb_incmongodb_server>= 7.0 < 7.0.297.0.29
mongodb_incmongodb_server>= 8.0 < 8.0.188.0.18
mongodb_incmongodb_server>= 8.2 < 8.2.48.2.4

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.08.2HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv8.2HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.