Internal ResourceId collision may affect unrelated collections_CVE-2026-25612

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks.

Basic Information

ID CVE-2026-25612

Source mongodb

Published Feb 10, 2026 at 18:05

Modified Feb 10, 2026 at 18:59

Affected Product

Vendor MongoDB Inc

Product MongoDB Server

Version 8.2

Affected Versions MongoDB Inc MongoDB Server 8.2
MongoDB Inc MongoDB Server 8.0
MongoDB Inc MongoDB Server 7.0

CWE Classification

CWE-412

References

{
    "lastseen": "",
    "description": "The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks.",
    "published": "2026-02-10T18:05:23.851Z",
    "modified": "2026-02-10T18:59:27.442Z",
    "type": "cve",
    "title": "Internal ResourceId collision may affect unrelated collections",
    "source": "mongodb",
    "references": "https://jira.mongodb.org/browse/SERVER-114838\nhttps://jira.mongodb.org/browse/SERVER-115296",
    "id": "CVE-2026-25612",
    "bulletinFamily": "",
    "cwe": [
        "CWE-412"
    ],
    "cvelist": null,
    "sourceData": "MongoDB Inc MongoDB Server 8.2\nMongoDB Inc MongoDB Server 8.0\nMongoDB Inc MongoDB Server 7.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MongoDB Server",
    "version": "8.2",
    "vendor": "MongoDB Inc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}