Approved changes feed: RSS · Atom
cpe:2.3:a:mongodb:mongodb:6.0.21:*:*:*:*:*:*:*
part: a version: 6.0.21 update: *
| Vendor | Mongodb (1aa156a6-63a9-5032-baaf-10197d408a1e) |
|---|---|
| Product | Mongodb (fa9f1f9b-0cc9-5830-a189-b908276ac432) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-6714 |
vulnerable | 2026-06-03 15:12:28.710637 |
Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections
HIGH (7.5)
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9
Required Configuration:
This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.
Published: 2025-07-07T14:48:48.312Z
Updated: 2025-07-07T19:11:47.975Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6713 |
vulnerable | 2026-06-03 15:12:28.707142 |
MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage
HIGH (7.7)
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB Server v8.0 versions prior to 8.0.7, MongoDB Server v7.0 versions prior to 7.0.19 and MongoDB Server v6.0 versions prior to 6.0.22
Published: 2025-07-07T14:46:36.201Z
Updated: 2025-07-18T05:50:23.153Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6707 |
vulnerable | 2026-06-03 15:12:28.636490 |
Race condition in privilege cache invalidation cycle
MEDIUM (4.2)
Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.
Published: 2025-06-26T14:04:46.283Z
Updated: 2026-02-26T17:50:22.191Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6706 |
vulnerable | 2026-06-03 15:12:28.588965 |
Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server
MEDIUM (5)
An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server.
The crash is triggered on affected versions by issuing an aggregation framework operation using a specific combination of rarely-used aggregation pipeline expressions. This issue affects MongoDB Server v6.0 version prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is enabled.
Published: 2025-06-26T14:00:22.802Z
Updated: 2025-06-26T17:40:45.307Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.