A new vulnerability in MongoDB servers has been identified, with four critical flaws posing risks to widely used document databases. The most serious vulnerabilities, CVE-2026-11933 and CVE-2026-9740, score 8.7 on the CVSS scale and can lead to memory leak and server crashes. Two additional issues, CVE-2026-9750 and CVE-2026-9743, also pose threats by allowing authenticated users to corrupt internal metadata and cause server downtime.
Administrators are urged to upgrade to patched versions (8.0.26, 8.2.11, 8.3.4) promptly, especially due to the unauthenticated nature of one flaw that does not require login.