Login Sign Up

CVE-2026-1848

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in MongoDB allows connections from proxy ports to bypass connection counting, potentially causing server crashes when connection limits are exceeded. It affects MongoDB servers with proxy protocol enabled, specifically impacting connections pending proxy protocol header validation.

💻 Affected Systems

Products:
  • MongoDB
Versions: Specific versions not specified in CVE, but referenced JIRA ticket indicates recent versions with proxy protocol support
Operating Systems: All platforms running affected MongoDB versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems with proxy protocol enabled on MongoDB instances.

📦 What is this software?

Mongodb by Mongodb

View all CVEs affecting Mongodb →

Mongodb by Mongodb

View all CVEs affecting Mongodb →

Mongodb by Mongodb

View all CVEs affecting Mongodb →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Denial of service through server crashes, potentially leading to extended downtime and data unavailability.

🟠

Likely Case

Intermittent service disruptions or performance degradation when connection limits are approached.

🟢

If Mitigated

Minimal impact with proper connection limits and monitoring in place.

🌐 Internet-Facing: HIGH - Proxy ports are often internet-facing and attackers can exploit this without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or misconfigured internal services could still trigger the condition.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending connections to proxy port but no authentication or special payload needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check MongoDB security advisories for specific fixed versions

Vendor Advisory: https://jira.mongodb.org/browse/SERVER-114695

Restart Required: Yes

Instructions:

1. Check MongoDB security advisory for fixed version. 2. Backup databases. 3. Upgrade MongoDB to patched version. 4. Restart MongoDB service.

🔧 Temporary Workarounds

Disable Proxy Protocol

all

Disable proxy protocol support if not required for your deployment

Modify MongoDB configuration to remove proxyProtocol parameter

Reduce Connection Limits

all

Lower maximum connection limits to reduce impact window

Set net.maxIncomingConnections to conservative value in mongod.conf

🧯 If You Can't Patch

  • Implement network controls to restrict access to MongoDB proxy ports
  • Deploy rate limiting or connection throttling at network perimeter

🔍 How to Verify

Check if Vulnerable:

Check if proxy protocol is enabled in MongoDB configuration and version matches affected range

Check Version:

mongod --version

Verify Fix Applied:

Verify MongoDB version is updated to patched version and proxy protocol connections are properly counted

📡 Detection & Monitoring

Log Indicators:

  • Unexpected server restarts
  • Connection limit warnings
  • Proxy port connection spikes

Network Indicators:

  • High volume of connections to MongoDB proxy port
  • Connection attempts bypassing normal authentication

SIEM Query:

source="mongodb.log" AND ("restarting" OR "connection limit" OR "proxy")

📊 Metadata

CVE ID: CVE-2026-1848
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-770
Published: February 10, 2026
Last Updated: February 25, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-1848, you might also want to check these:

CVE-2024-44241 9.8

This vulnerability in DCP firmware allows attackers to execute arbitrary code or cause system crashe...

Same vulnerability type (CWE-770)
CVE-2025-11832 9.8

This CVE describes a resource allocation vulnerability in Azure Access Technology BLU-IC2 and BLU-IC...

Same vulnerability type (CWE-770)
CVE-2021-47875 9.8

GeoGebra CAS Calculator 6.0.631.0 contains a buffer overflow vulnerability that allows attackers to ...

Same vulnerability type (CWE-770)