virus logo Intrusion Prevention

MongoDB.Server.MongoBleed.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an Information Disclosure vulnerability in MongoDB and MongoDB server.
The vulnerability is due to insufficient validation of user-supplied inputs. A remote attack can exploit this vulnerability by sending a crafted request to the target device. Successful exploitation could lead to disclosure of sensitive information.

affected-products-logoAffected Products

MongoDB 8.2.0 prior to 8.2.3
MongoDB 8.0.0 prior to 8.0.17
MongoDB 7.0.0 prior to 7.0.28
MongoDB 6.0.0 prior to 6.0.27
MongoDB 5.0.0 prior to 5.0.32
MongoDB 4.4.0 prior to 4.4.30
MongoDB Server 4.2.x and prior

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://jira.mongodb.org/browse/SERVER-115508

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2026-01-15 35.152
Modified
 Default_action:pass:drop
2025-12-31 35.143
New
ID 59827
Created Dec 30, 2025
Updated Jan 14, 2026
CVE ID
Tags Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 64.81%
Default Action drop
Active
Affected OS Windows, Linux, MacOS
Affected App Other
Profile Type Information Disclosure