CVE-2026-25612
published 2026-02-10

Priority: P433, medium, 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.20% (9.8th percentile)

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb_inc | mongodb_server | >= 7.0 < 7.0.29 | 7.0.29 |
| mongodb_inc | mongodb_server | >= 8.0 < 8.0.18 | 8.0.18 |
| mongodb_inc | mongodb_server | >= 8.2 < 8.2.4 | 8.2.4 |

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 7.1 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | | 7.1 | HIGH | |