CVE-2026-1848

HIGH

Proxy - DoS

Title source: llm

Description

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

References (1)

[Various Sources] https://jira.mongodb.org/browse/SERVER-114695

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 19.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (1)

mongodb/mongodb 7.0.0 - 7.0.29

Published Feb 10, 2026

Tracked Since Feb 18, 2026