Cybersecurity authorities in the U.S. and Australia are warning that a critical vulnerability in MongoDB and MongoDB Server is being actively exploited in the wild and represents a threat for ...

MongoDB administrators are scrambling to assess exposure after security researchers spotlighted a newly disclosed server flaw that can leak uninitialized heap memory to an unauthenticated remote ...

On Dec 29, 2026, researchers disclosed CVE-2025-14847, a high-severity vulnerability (CVSS 8.7) that lets unauthenticated actors read sensitive data from MongoDB server memory. The flaw, called ...

A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability ...

Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers. Threat actors started exploiting a high-severity MongoDB ...

A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed. MongoBleed is a memory leak ...

The cybersecurity world is facing a “Heartbleed” moment for the NoSQL era. A critical vulnerability in MongoDB, the world’s most popular non-relational database, is being actively exploited in the ...

According to the details about the vulnerability published shortly before Christmas, attackers can exploit a flaw in the zlib compression software to access non-reset dynamic memory (heap memory).

A high-severity flaw, CVE-2025-14847 (CVSS 8.7), can let unauthenticated clients read uninitialized heap memory. The problem stems from mismatched length fields in zlib-compressed protocol headers.

A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), ...