vulnerability

MongoDB: CVE-2026-1847: Allocation of Resources Without Limits or Throttling

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:N/A:C)	Feb 10, 2026	Apr 27, 2026	Apr 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

Feb 10, 2026

Added

Apr 27, 2026

Modified

Apr 27, 2026

Description

Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash.

Solutions

mongodb-upgrade-latestmongodb-upgrade-7_0_29mongodb-upgrade-8_0_18mongodb-upgrade-8_2_4

References

CVE-2026-1847
https://attackerkb.com/topics/CVE-2026-1847
https://jira.mongodb.org/browse/SERVER-113532
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-6736
CWE-770
EUVD-EUVD-2026-6736

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report