HIGHCVE-2026-25612Published Modified CNA mongodb
CVE-2026-25612: Internal ResourceId collision may affect unrelated collections
The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks.
Metrics
- CVSS v4.0
- 7.1
- Severity
- HIGH
- Fixed in
- 7.0.29
- Affected Products
- 1
Fix available
7.0.298.0.188.2.4
Affected packages
- MongoDB Inc / MongoDB Server< 8.2.4 (from 8.2) · < 8.0.18 (from 8.0) · < 7.0.29 (from 7.0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NReferences