Home

Description

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks.

PUBLISHED Reserved 2026-02-03 | Published 2026-02-10 | Updated 2026-02-10 | Assigner mongodb




HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-412 Unrestricted Externally Accessible Lock

Product status

Default status
unaffected

8.2 (semver) before 8.2.4
affected

8.0 (semver) before 8.0.18
affected

7.0 (semver) before 7.0.29
affected

References

jira.mongodb.org/browse/SERVER-114838

jira.mongodb.org/browse/SERVER-115296

cve.org (CVE-2026-25612)

nvd.nist.gov (CVE-2026-25612)

Download JSON