CVE-2026-42334P3HIGHCVSS 7.5fixed in 6.13.9·v>= 7.0.0, <= 7.8.8+2 more2026-05-14
CVE-2026-42334 [HIGH] CWE-74 CVE-2026-42334: Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps query operators in $eq to neutralize them. However, prior to
nvd