CVE-2021-32037

MEDIUM

MongoDB 5.0.0-5.0.2 - Authenticated Denial of Service via Aggregation Request to Shard

Title source: llm

Description

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://jira.mongodb.org/browse/SERVER-59071

Scores

CVSS v3 6.5

EPSS 0.0118

EPSS Percentile 63.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-617

Status published

Products (1)

mongodb/mongodb 5.0.0 - 5.0.2

Published Nov 24, 2021

Tracked Since Feb 18, 2026