CVE-2026-25609 — Missing Authorization in INC Mongodb Server

CWE-862 — Missing Authorization5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 90.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Mongodb Server Mongodb

Timeline

PublishedFeb 10

Description

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDmongodb/mongodb7.0.0 — 7.0.29+2

▶CVEListV5mongodb_inc/mongodb_server8.2 — 8.2.4+2

🔴Vulnerability Details

GHSA

GHSA-57mf-76f3-g3qh: Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only↗2026-02-10

▶

CVEList

profile command may permit unauthorized configuration↗2026-02-10

▶

OSV

CVE-2026-25609: Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only↗2026-02-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-25609 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶