7.1
CVE-2026-25610 - Invalid $geoNear index hint may cause server crash
An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.
7.8
CVE-2026-21346 - Bridge | Out-of-bounds Write (CWE-787)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-21347 - Bridge | Integer Overflow or Wraparound (CWE-190)
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8.2
CVE-2026-1848 - Connections received from the proxy port may not count towards total accepted connections
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.
7.8
CVE-2026-21344 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current usโฆ
7.8
CVE-2026-21343 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current usโฆ
7.8
CVE-2026-21341 - Substance3D - Stager | Out-of-bounds Write (CWE-787)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-21345 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current usโฆ
7.8
CVE-2026-21342 - Substance3D - Stager | Out-of-bounds Write (CWE-787)
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.1
CVE-2026-1847 - MongoDB Server may crash when inserting large documents
Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash.