CVE-2026-6915
published 2026-04-29CVE-2026-6915: An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with…
medium5.3CVSS 4.0
AVNACLATNPRLUINVCLVILVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 7.0.0 < 7.0.32 | 7.0.32 |
| mongodb | mongodb | >= 8.0.0 < 8.0.21 | 8.0.21 |
| mongodb | mongodb | >= 8.2.0 < 8.2.7 | 8.2.7 |
| mongodb | mongodb_server | >= 7.0.0 < 7.0.32 | 7.0.32 |
| mongodb | mongodb_server | >= 8.0.0 < 8.0.21 | 8.0.21 |
| mongodb | mongodb_server | >= 8.2.0 < 8.2.7 | 8.2.7 |
| rhceph | alloy-rhel10 | — | — |
| rhoai | odh-workbench-jupyter-datascience-cpu-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-pytorch-cuda-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-pytorch-rocm-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-tensorflow-cuda-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-tensorflow-rocm-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-trustyai-cpu-py312-rhel9 | — | — |