CVE-2026-25612: Unrestricted Externally Accessible Lock in INC Mongodb Server

Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 85.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 10

Description

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: mongodb_inc/mongodb_server 8.28.2.4+2

🔴 Vulnerability Details (3)

OSV: CVE-2026-25612: The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take (2026-02-10)
CVEList: Internal ResourceId collision may affect unrelated collections (2026-02-10)
GHSA: GHSA-c488-mfgm-vqrf: The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take (2026-02-10)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-25612 Impact, Exploitability, and Mitigation Steps | Wiz