National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team aims to increase electronic security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, banks and communication providers of the Republic of Cyprus.

MongoDB "MongoBleed" Vulnerability

01 January 2026

The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting MongoDB.

 

Technical Details

This vulnerability, known as “MongoBleed” and carrying a CVSS score of 7.5, has been actively exploited in the wild. The flaw exists in the MongoDB server's zlib network message decompression algorithm. The server does not validate the length of the compressed data before processing it, which allows network-level attackers to extract the contents of uninitialized server memory. An attacker can send crafted compressed payloads that make MongoDB miscalculate the decompressed data length and leak memory contents.
This vulnerability enables an information leak, which may be used for reconnaissance, data harvesting, or chaining with other attacks.
This vulnerability is remotely exploitable without authentication, has low attack complexity (easy to exploit), and does not require user interaction.

 

Affected Versions:

  1. MongoDB 8.2 prior to 8.2.3
  2. MongoDB 8.0 prior to 8.0.17
  3. MongoDB 7.0 prior to 7.0.28
  4. MongoDB 6.0 prior to 6.0.27
  5. MongoDB 5.0 prior to 5.0.32
  6. MongoDB 4.4 prior to 4.4.30
  7. All MongoDB Server 4.2.x versions
  8. All MongoDB Server 4.0.x versions
  9. All MongoDB Server 3.6.x versions

 

Recommendations

The Digital Security Authority recommends upgrading to the latest corresponding version of MongoDB: 

  • 8.2.3
  • 8.0.17
  • 7.0.28
  • 6.0.27
  • 5.0.32
  • 4.4.30
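
To check a server inventory against the affected and fixed versions listed above, the following is an added example (not part of the DSA advisory or of MongoDB's tooling). The function names, host names and sample versions are constructed for illustration, and treating a pre-release of a fixed version as unpatched is an assumption made here.

```python
import re

# Fixed patch release per branch, from the advisory's list.
FIXED = {(8, 2): 3, (8, 0): 17, (7, 0): 28, (6, 0): 27, (5, 0): 32, (4, 4): 30}
# Branches listed as affected in all versions (no fixed release given).
ALL_AFFECTED = {(4, 2), (4, 0), (3, 6)}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(.*)$")
_PRERELEASE = re.compile(r"^-(rc|alpha|beta)", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for e.g. 'v7.0.14' or '8.2.3-rc0'."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {text!r}")
    numbers = tuple(int(part) for part in m.group(1, 2, 3))
    return numbers, bool(_PRERELEASE.match(m.group(4)))


def triage(version_text):
    """Classify one server version string against the advisory's lists."""
    (major, minor, patch), prerelease = parse_version(version_text)
    branch = (major, minor)
    if branch in ALL_AFFECTED:
        return "affected: no fixed release listed for this branch"
    if branch not in FIXED:
        return "unknown: branch not covered by the advisory"
    fixed = FIXED[branch]
    # Assumption: a pre-release of the fixed version precedes it, so treat it as unpatched.
    if patch < fixed or (patch == fixed and prerelease):
        return f"affected: upgrade to {major}.{minor}.{fixed}"
    return "not affected"


# Constructed sample inventory: host names and versions are made up.
INVENTORY = {"db-a": "8.0.16", "db-b": "7.0.28", "db-c": "4.2.24", "db-d": "v6.0.27-rc1"}


def triage_inventory(inventory):
    """Map each host to its verdict."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, verdict in triage_inventory(INVENTORY).items():
        print(f"{host}: {verdict}")
```

Branches that the advisory does not list are reported as unknown rather than safe, so they still need a manual check.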

 


 

The information presented in this report is based on available data up to the 11th of December 2025. 
