{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1849", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "state": "PUBLISHED", "assignerShortName": "mongodb", "dateReserved": "2026-02-03T18:21:52.859Z", "datePublished": "2026-02-10T18:52:52.737Z", "dateUpdated": "2026-02-10T19:17:02.296Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MongoDB Server", "vendor": "MongoDB Inc", "versions": [{"lessThan": "8.0.18", "status": "affected", "version": "8.0", "versionType": "semver"}, {"lessThan": "7.0.29", "status": "affected", "version": "7.0", "versionType": "semver"}, {"lessThan": "8.2.2", "status": "affected", "version": "8.2", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression."}], "value": "MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-674", "description": "CWE-674 Uncontrolled Recursion", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2026-02-10T18:52:52.737Z"}, "references": [{"url": "https://jira.mongodb.org/browse/SERVER-102364"}], "source": {"discovery": "UNKNOWN"}, "title": "Mongod can run out of stack memory when expressions create deeply nested documents", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T19:16:27.778333Z", "id": "CVE-2026-1849", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:17:02.296Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1849", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T19:16:27.778333Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:16:31.309Z"}}], "cna": {"title": "Mongod can run out of stack memory when expressions create deeply nested documents", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MongoDB Inc", "product": "MongoDB Server", "versions": [{"status": "affected", "version": "8.0", "lessThan": "8.0.18", "versionType": "semver"}, {"status": "affected", "version": "7.0", "lessThan": "7.0.29", "versionType": "semver"}, {"status": "affected", "version": "8.2", "lessThan": "8.2.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://jira.mongodb.org/browse/SERVER-102364"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.", "supportingMedia": [{"type": "text/html", "value": "MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-674", "description": "CWE-674 Uncontrolled Recursion"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2026-02-10T18:52:52.737Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1849", "state": "PUBLISHED", "dateUpdated": "2026-02-10T19:17:02.296Z", "dateReserved": "2026-02-03T18:21:52.859Z", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "datePublished": "2026-02-10T18:52:52.737Z", "assignerShortName": "mongodb"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EE77D5B-E587-4992-8E30-F3E8D085B00C", "versionEndExcluding": "7.0.29", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F6EFC47-E40A-4429-B6CD-27E497A9754F", "versionEndExcluding": "8.0.18", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E2374C5-A865-4B1D-9729-728A9F74BE54", "versionEndExcluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression."}, {"lang": "es", "value": "Servidor MongoDB puede experimentar un fallo por falta de memoria mientras eval\u00faa expresiones que producen documentos profundamente anidados. El problema surge en funciones recursivas porque el servidor no comprueba peri\u00f3dicamente la profundidad de la expresi\u00f3n."}], "id": "CVE-2026-1849", "lastModified": "2026-02-25T17:17:56.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cna@mongodb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@mongodb.com", "type": "Secondary"}]}, "published": "2026-02-10T19:15:51.477", "references": [{"source": "cna@mongodb.com", "tags": ["Vendor Advisory"], "url": "https://jira.mongodb.org/browse/SERVER-102364"}], "sourceIdentifier": "cna@mongodb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "cna@mongodb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[8.0,8.0.18)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[7.0,7.0.29)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[8.2,8.2.2)"}}], "product": "mongodb", "vendor": "mongodb"}], "analysis": {"en": {"generated_at": "2026-04-17T20:29:59.473852+00:00", "value": {"mitigation_remediation": ["Upgrade MongoDB Server to the latest released version that fixes the nested expression evaluation issue.", "Configure expression evaluation limits or disable recursion features if the server configuration supports it to prevent deep nesting.", "Validate and sanitize all client\u2011supplied expressions to ensure depth does not exceed safe thresholds before they reach the server.", "Monitor server logs for out\u2011of\u2011memory or stack overflow errors and schedule maintenance to restart services if crashes occur."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via stack exhaustion"}, "threat_synthesis": {"affected_systems": "All releases of MongoDB Server from the vendor MongoDB Inc are affected. No version ranges are specified, so all deployed versions should be considered vulnerable until a patch is applied. Administrators should treat all installations of MongoDB Server as impacted.", "description_and_impact": "The vulnerability allows MongoDB Server to run out of memory while evaluating expressions that generate deeply nested documents. Recursive functions in the server fail to monitor expression depth, leading to an out\u2011of\u2011memory condition that can cause the mongod process to crash. The impact is a denial\u2011of\u2011service to the database instance, affecting data availability but not compromising confidentiality or integrity directly.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 7.1, indicating a high severity. The EPSS probability is reported as less than 1%, meaning exploitation is considered unlikely but possible. It is not listed in the CISA Known Exploited Vulnerabilities catalog. Likely attack vectors include remote clients submitting queries that construct deeply nested expressions; the path is inferred from the description of recursive expression evaluation. Successful exploitation would require the attacker to trigger the server\u2019s expression parser with a crafted input, leading to a server crash."}}}}, "created": "2026-02-11T21:51:51.571346+00:00", "updated": "2026-04-17T20:30:15.819380+00:00", "vendors": ["mongodb", "mongodb$PRODUCT$mongodb"]}