HIGHCVE-2026-1848Published Modified CNA mongodb
CVE-2026-1848: Connections received from the proxy port may not count towards total accepted connections
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.
Metrics
- CVSS v4.0
- 8.2
- Severity
- HIGH
- Fixed in
- 7.0.29
- Affected Products
- 1
Fix available
7.0.298.0.188.2.4
Affected packages
- MongoDB Inc / MongoDB Server< 8.2.4 (from 8.2) · < 8.0.18 (from 8.0) · < 7.0.29 (from 7.0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NReferences