Critical MongoDB Vulnerability (CVE-2026-25611) Enables Server Crashes via Low-Bandwidth Attacks
A high-severity vulnerability (CVE-2026-25611, CVSS 7.5) has been identified in MongoDB that allows unauthenticated attackers to crash exposed servers with minimal effort. The flaw affects all MongoDB versions where compression is enabled, including versions 3.4 and later (compression has been active by default since version 3.6), as well as MongoDB Atlas.
Exploiting the vulnerability requires sending a small 47KB zlib-compressed packet while falsely declaring an uncompressed size of 48MB. This triggers a server crash, disrupting operations for affected deployments. The issue poses a risk to organizations relying on MongoDB for data storage, particularly those with internet-exposed instances.
No active exploitation has been reported at this time, but the ease of triggering the flaw raises concerns about potential widespread abuse. MongoDB users are advised to monitor for official patches and mitigation guidance.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7435324625724796929
MongoDB cybersecurity rating report: https://www.rankiteo.com/company/mongodbinc
{
  "id": "MON1772720630",
  "linkid": "mongodbinc",
  "type": "Vulnerability",
  "date": "3/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': 'Organizations relying on MongoDB for data storage with internet-exposed instances',
                        'industry': 'Technology',
                        'name': 'MongoDB',
                        'type': 'Database Software Provider'}],
 'attack_vector': 'Network',
 'description': 'A high-severity vulnerability (CVE-2026-25611, CVSS 7.5) has been identified in MongoDB, allowing unauthenticated attackers to crash exposed servers with minimal effort. The flaw affects all MongoDB versions where compression is enabled, including versions 3.4 and later, with compression active by default since version 3.6 as well as MongoDB Atlas. Exploiting the vulnerability requires sending a small 47KB zlib-compressed packet while falsely declaring an uncompressed size of 48MB, triggering a server crash and disrupting operations for affected deployments.',
 'impact': {'downtime': 'Server crashes disrupting operations',
            'operational_impact': 'Disruption of data storage and retrieval operations',
            'systems_affected': 'MongoDB servers with compression enabled'},
 'post_incident_analysis': {'corrective_actions': 'Apply official patches and mitigation guidance from MongoDB',
                            'root_causes': 'Vulnerability in zlib compression handling in MongoDB'},
 'recommendations': 'Monitor for official patches and mitigation guidance from MongoDB.',
 'references': [{'source': 'MongoDB Security Advisory'}],
 'response': {'remediation_measures': 'Monitor for official patches and mitigation guidance'},
 'title': 'Critical MongoDB Vulnerability (CVE-2026-25611) Enables Server Crashes via Low-Bandwidth Attacks',
 'type': 'Denial of Service (DoS)',
 'vulnerability_exploited': 'CVE-2026-25611'}