CVE-2026-1847
MongoDB Server may crash when inserting large documents
EPSS 0.08%
Description
Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash.
How to fix CVE-2026-1847
To remediate CVE-2026-1847, upgrade the affected package to a fixed version below.
- Bitnami/mongodb—upgrade to 7.0.29 or later
Is CVE-2026-1847 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 7.0.0, < 7.0.29, >= 8.0.0, < 8.0.18, >= 8.2.0, < 8.2.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |