Connections received from the proxy port may not count towards...

8.2 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

Basic Information

ID CVE-2026-1848

Source mongodb

Published Feb 10, 2026 at 18:22

Affected Product

Vendor MongoDB Inc

Product MongoDB Server

Version 8.2

Affected Versions MongoDB Inc MongoDB Server 8.2
MongoDB Inc MongoDB Server 8.0
MongoDB Inc MongoDB Server 7.0

CWE Classification

CWE-770

References

jira.mongodb.org /browse/SERVER-114695

{
    "lastseen": "",
    "description": "Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.",
    "published": "2026-02-10T18:22:41.971Z",
    "modified": "2026-02-10T18:22:41.971Z",
    "type": "cve",
    "title": "Connections received from the proxy port may not count towards total accepted connections",
    "source": "mongodb",
    "references": "https://jira.mongodb.org/browse/SERVER-114695",
    "id": "CVE-2026-1848",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "MongoDB Inc MongoDB Server 8.2\nMongoDB Inc MongoDB Server 8.0\nMongoDB Inc MongoDB Server 7.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.2,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MongoDB Server",
    "version": "8.2",
    "vendor": "MongoDB Inc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Connections received from the proxy port may not count towards total accepted connections_CVE-2026-1848