Mongod can run out of stack memory when expressions create...

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.

Basic Information

ID CVE-2026-1849

Source mongodb

Published Feb 10, 2026 at 18:52

Modified Feb 10, 2026 at 19:17

Affected Product

Vendor MongoDB Inc

Product MongoDB Server

Version 8.0

Affected Versions MongoDB Inc MongoDB Server 8.0
MongoDB Inc MongoDB Server 7.0
MongoDB Inc MongoDB Server 8.2

CWE Classification

CWE-674

References

jira.mongodb.org /browse/SERVER-102364

{
    "lastseen": "",
    "description": "MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.",
    "published": "2026-02-10T18:52:52.737Z",
    "modified": "2026-02-10T19:17:02.296Z",
    "type": "cve",
    "title": "Mongod can run out of stack memory when expressions create deeply nested documents",
    "source": "mongodb",
    "references": "https://jira.mongodb.org/browse/SERVER-102364",
    "id": "CVE-2026-1849",
    "bulletinFamily": "",
    "cwe": [
        "CWE-674"
    ],
    "cvelist": null,
    "sourceData": "MongoDB Inc MongoDB Server 8.0\nMongoDB Inc MongoDB Server 7.0\nMongoDB Inc MongoDB Server 8.2",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MongoDB Server",
    "version": "8.0",
    "vendor": "MongoDB Inc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Mongod can run out of stack memory when expressions create deeply nested documents_CVE-2026-1849