CVE-2026-1849
published 2026-02-10CVE-2026-1849: MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive…
PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.27%
18.9th percentile
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 7.0.0 < 7.0.29 | 7.0.29 |
| mongodb | mongodb | >= 8.0.0 < 8.0.18 | 8.0.18 |
| mongodb | mongodb | >= 8.2.0 < 8.2.2 | 8.2.2 |
| mongodb_inc | mongodb_server | >= 7.0 < 7.0.29 | 7.0.29 |
| mongodb_inc | mongodb_server | >= 8.0 < 8.0.18 | 8.0.18 |
| mongodb_inc | mongodb_server | >= 8.2 < 8.2.2 | 8.2.2 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.07.1HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv7.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cf58-vmg8-228p: MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents
ghsa_unreviewed·2026-02-10
CVE-2026-1849 [HIGH] CWE-674 GHSA-cf58-vmg8-228p: MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.
OSV
CVE-2026-1849: MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents
osv·2026-02-10·CVSS 7.1
CVE-2026-1849 [HIGH] CVE-2026-1849: MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.
No detection rules found.
No public exploits indexed.
2026-02-10
Published