Description
Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash.
Published: 2026-02-10
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Server crash (Denial of Service)
Action: Monitor
AI Analysis

Impact

Inserting special large documents into a MongoDB replica set can cause secondary members to fail fetching the oplog from the primary, which stalls replication and may lead to a server crash. The result is a denial‑of‑service condition that can make the affected MongoDB instance unavailable.

Affected Systems

MongoDB Inc. MongoDB Server is affected. No specific version information is provided, so all installations may potentially be vulnerable until further details are released.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is the transmission of unusually large documents to a secondary node in a replica set, which requires that the attacker can write data to the database and that the replica set configuration does not restrict document size.

Generated by OpenCVE AI on April 18, 2026 at 12:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the latest MongoDB Server release notes for a fix related to SERVER-113532 and upgrade if available.
  • Enforce a stricter maximum document size on the replica set to prevent insertion of oversized documents.
  • Monitor replication lag and ensure secondaries can fetch the oplog; adjust oplog window or resource limits if necessary.
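The replication-lag check from the last recommendation, as an added example (not code from OpenCVE or MongoDB). It assumes the output of the replSetGetStatus command is available as a Python dict with the members fields name, stateStr, health and optimeDate; the host names, timestamps and the 60-second threshold are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone


def stalled_members(status, max_lag=timedelta(seconds=60)):
    """Return (member name, reason) for every data-bearing member that is
    unreachable, not in SECONDARY state, or too far behind the primary."""
    members = status["members"]
    primary = next((m for m in members if m["stateStr"] == "PRIMARY"), None)
    if primary is None:
        # Without a primary there is no reference optime to compare against.
        return [(status.get("set", "<replica set>"), "no primary")]
    findings = []
    for m in members:
        if m is primary or m["stateStr"] == "ARBITER":
            continue  # arbiters hold no data and never fetch the oplog
        if m.get("health", 1) != 1:
            findings.append((m["name"], "unreachable"))
        elif m["stateStr"] != "SECONDARY":
            findings.append((m["name"], "state " + m["stateStr"]))
        else:
            # Lag = how far this member's last applied op trails the primary's.
            lag = primary["optimeDate"] - m["optimeDate"]
            if lag > max_lag:
                findings.append((m["name"], f"lag {int(lag.total_seconds())}s"))
    return findings


# Constructed sample shaped like replSetGetStatus output (not real data).
T = datetime(2026, 2, 10, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_STATUS = {
    "set": "rs0",
    "members": [
        {"name": "db1.example.internal:27017", "stateStr": "PRIMARY",
         "health": 1, "optimeDate": T},
        {"name": "db2.example.internal:27017", "stateStr": "SECONDARY",
         "health": 1, "optimeDate": T - timedelta(seconds=2)},
        {"name": "db3.example.internal:27017", "stateStr": "SECONDARY",
         "health": 1, "optimeDate": T - timedelta(minutes=15)},
        {"name": "db4.example.internal:27017", "stateStr": "RECOVERING",
         "health": 1, "optimeDate": T - timedelta(hours=1)},
    ],
}

if __name__ == "__main__":
    for name, reason in stalled_members(SAMPLE_STATUS):
        print(f"ALERT {name}: {reason}")
```

A secondary whose lag keeps growing across successive polls while the primary still accepts writes matches the stalled oplog fetch described above.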

Advisories

No advisories yet.

History

Wed, 25 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*

Tue, 10 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Mongodb
Mongodb mongodb
Vendors & Products Mongodb
Mongodb mongodb

Tue, 10 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
Description Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash.
Title MongoDB Server may crash when inserting large documents
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: mongodb

Published:

Updated: 2026-02-10T20:12:18.968Z

Reserved: 2026-02-03T18:21:50.648Z

Link: CVE-2026-1847

Vulnrichment

Updated: 2026-02-10T20:11:58.477Z

NVD

Status: Analyzed

Published: 2026-02-10T19:15:51.160

Modified: 2026-02-25T17:25:07.183

Link: CVE-2026-1847

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T12:45:45Z

Weaknesses