CVE-2026-1848
- Source
- https://cve.org/CVERecord?id=CVE-2026-1848
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1848.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-1848
- Aliases
- Downstream
- Published
- 2026-02-10T19:15:51.333Z
- Modified
- 2026-02-28T04:46:28.305609Z
- Severity
-
- 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r7.*
r7.0.0
r7.0.1
r7.0.1-rc0
r7.0.10
r7.0.10-rc0
r7.0.11
r7.0.11-rc0
r7.0.11-rc1
r7.0.11-rc2
r7.0.12
r7.0.12-rc0
r7.0.12-rc1
r7.0.13
r7.0.13-rc0
r7.0.13-rc1
r7.0.14
r7.0.14-rc0
r7.0.15
r7.0.15-rc0
r7.0.15-rc1
r7.0.16
r7.0.16-rc0
r7.0.16-rc1
r7.0.17
r7.0.18
r7.0.2
r7.0.2-rc0
r7.0.2-rc1
r7.0.2-rc2
r7.0.21
r7.0.21-alpha0
r7.0.21-rc0
r7.0.22
r7.0.22-rc0
r7.0.23
r7.0.23-rc0
r7.0.23-rc1
r7.0.24
r7.0.24-rc0
r7.0.25-alpha0
r7.0.26
r7.0.26-rc0
r7.0.27-alpha0
r7.0.28
r7.0.3
r7.0.3-rc0
r7.0.3-rc1
r7.0.4
r7.0.4-rc0
r7.0.5
r7.0.5-rc0
r7.0.6
r7.0.6-rc0
r7.0.7
r7.0.7-rc0
r7.0.7-rc1
r7.0.7-rc2
r7.0.8
r7.0.8-rc0
r7.0.9
r7.0.9-rc0
r7.0.9-rc1
r8.*
r8.0.0
r8.0.1
r8.0.1-rc0
r8.0.10
r8.0.10-rc0
r8.0.12
r8.0.12-rc0
r8.0.13
r8.0.13-rc0
r8.0.13-rc1
r8.0.13-rc2
r8.0.14
r8.0.14-rc0
r8.0.14-rc1
r8.0.16
r8.0.16-rc0
r8.0.16-rc1
r8.0.17
r8.0.17-alpha0
r8.0.2
r8.0.3
r8.0.4
r8.0.4-rc0
r8.0.5
r8.0.5-rc0
r8.0.5-rc1
r8.0.5-rc2
r8.0.6
r8.2.0
r8.2.1
r8.2.1-rc0
r8.2.1-rc1
r8.2.2
r8.2.2-rc0
r8.2.3
r8.2.3-alpha0
Database specific
vanir_signatures
[
{
"id": "CVE-2026-1848-11152403",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "startTransactionWithNoopFind",
"file": "src/mongo/db/s/config/sharding_catalog_manager.cpp"
},
"digest": {
"length": 280.0,
"function_hash": "305528444208540451351960802928515590349"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-1205aebe",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/transport/service_entry_point_test_fixture.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"6442597535841258911139256688688477832",
"177172381922231396820667381571488637221",
"306348606324711162838549853502094017876",
"207724830409366119249018116735201433403",
"132499882599489032804408205345896280486",
"32586607515698236061694440046859960340",
"26408653834493112742520430628306797825",
"159020269149612898820798801022892812166"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-1e437297",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "TEST_F",
"file": "src/mongo/db/service_entry_point_shard_role_test.cpp"
},
"digest": {
"length": 117.0,
"function_hash": "289668717566466655472755302638673409439"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-2cba34f3",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/db/transaction/transaction_api_test.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"167801979968092107943205547019104502918",
"58839435764924158157764250968832902241",
"68025228826551285723495975101614491455",
"5118214404409422680438099734981968579",
"80112679352549351917572775995921624584",
"97508629014354451894651354688540878041",
"23502788933341525975580622271442997476",
"47949952204320095828742389480994892831",
"191342700968128473336028761620781324842",
"47673721168840037531556769051016435125",
"264419834374256533606497624390110812630",
"250006247003111051534500482609259781099",
"140753007258760910310378478385469602313",
"177171754362974361908640566381172133842",
"297911758142358858065196021763910434782",
"251506250417219870022847086485205416198"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-3bb1f255",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "ExecCommandDatabase::_extractReadConcern",
"file": "src/mongo/db/service_entry_point_shard_role.cpp"
},
"digest": {
"length": 3128.0,
"function_hash": "34272164936780367790751856496131751811"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-3cbaf31d",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/db/transaction/transaction_api.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"163267671438902487965016178165920402288",
"27415532392423112462601401411058626286",
"217932226440546102133094964333230790037",
"210529790061984795621713142315859574222",
"72235466765482926106557305010371018078",
"62434754359289974887236503089141346911",
"161766711926130074758215484277492441256",
"275977475335210918817634160646175621535"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-49f16a4b",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "assertTxnMetadata",
"file": "src/mongo/db/transaction/transaction_api_test.cpp"
},
"digest": {
"length": 1149.0,
"function_hash": "331024159238850329283115071024681166434"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-58dde2cd",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "ConfigServerTestFixture::setUp",
"file": "src/mongo/db/s/config/config_server_test_fixture.cpp"
},
"digest": {
"length": 1448.0,
"function_hash": "125233207605081029597940030469262454110"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-65258a2c",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/db/write_concern.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"310585253884184061401370201190341183132",
"309786846021875615526106238361160742104",
"301169372271025933633591007832276416258",
"216472499509178570419921544621041838251",
"17490447648610604377603689017862083720"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-6599f45b",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "ServiceEntryPointTestFixture::testReadConcernClientUnspecifiedWithDefault",
"file": "src/mongo/transport/service_entry_point_test_fixture.cpp"
},
"digest": {
"length": 809.0,
"function_hash": "160602667713099043002051033920237139231"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-70bdbc7c",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/db/s/config/config_server_test_fixture.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"70250039300352553566598357154118535366",
"104560383920126788290085956444995068138",
"219300687427653805493906212326451451985",
"113441421423472988441791039611622294745"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-76cf00c4",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "extractWriteConcern",
"file": "src/mongo/db/write_concern.cpp"
},
"digest": {
"length": 2955.0,
"function_hash": "149260258575790320439136091069755514622"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-796083b5",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "TEST_F",
"file": "src/mongo/db/service_entry_point_shard_role_test.cpp"
},
"digest": {
"length": 118.0,
"function_hash": "333356571540405125484660083605463206626"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-7c3ed14e",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/s/service_entry_point_router_role_test.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"168124525933290532743475639259663473013",
"334487322807439084883846727751153219713",
"137604796157832752307828468052344976771",
"50199835474120903131230387887763092247",
"139601746613567041998844523066811499970",
"320085823295895983957422410151698070736",
"93326697108412168045620852033204553042",
"140410195637718990246940769884121029802"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-919cdf9e",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/db/s/config/sharding_catalog_manager.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"32882031860665378703583285376629755172",
"315129528805751626982856306350685274914",
"22321423898808940018666103051405415926",
"174610489001338625239557080313040522399"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-98bd214a",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "ServiceEntryPointTestFixture::testWriteConcernClientUnspecifiedWithDefault",
"file": "src/mongo/transport/service_entry_point_test_fixture.cpp"
},
"digest": {
"length": 314.0,
"function_hash": "157487664902846360921524853622103083062"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-9b91e8ce",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/transport/service_entry_point_test_fixture.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"270408350289191108889914507947444390115",
"212949360059574994558625798625415046598",
"157157826315523737692982993425469339923",
"1780707840214783432905051964353791731",
"68726416736973174225485305550442980793",
"98651702476741301119068615689889723662",
"151196318887321817514473570369574846321",
"245383377746960752436378905821486201261",
"21842936174620178781924037033901957213",
"62497246466435274782565115157937956527",
"292331787516350019080442194883951885648",
"3229451142317053846692134171063534040",
"192375203382496852684337330594201810000",
"166285228291700337361492597566881513832",
"81676199609790313241732278034552561512",
"83162563709011816286485804862066375912",
"59386831582943056849479969157467680334",
"273084840210082369393615374426615500018",
"240496666279383582563001194757153299368",
"180999660598575891682686266580007074267",
"237200478425323661548589675565567018988",
"300250922062770543824101848053764174623",
"305328178667357451147491783937744310463",
"278801891906741290682618292329780514948",
"80814181479296914411391285350160432632",
"267028202194319268240594501286866677007",
"151161765668373793655375144698474986520",
"321077549732875389487672481929564428189",
"56327365750565195105252522455129018043",
"95439248160937449564634895023753117211",
"74652865406017193685231948080791739683",
"61443172692118028689207459717572606837",
"218959104273088564631000502561198353058"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-a785a388",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/db/service_entry_point_shard_role_test.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"40543877906284689336709633401920976650",
"209986185895883185190952490965512505069",
"190066440913797087743030648446652292021",
"61279044509929413660793894920496031595",
"187940866889404922545334147950045087467",
"116620514520168006345987715612234323645",
"301880590417632975419195301693736458086",
"186180173142956144942201682013772483553",
"113430769786637535979198661776199188054",
"77678142381061029173877809592603396941",
"120644906188939883066954005030729734816",
"18606123507613767315657914628157863012",
"288437451841694080843120465107467843431",
"94264074916132012662918278867904492041",
"143516956861287516678038366184230741940",
"140410195637718990246940769884121029802"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-b3f79aa4",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b409fb494004bf0f7284059b806b3b751a2ec5d9",
"target": {
"file": "src/mongo/db/service_entry_point_common.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"11272611040114298527385613556453291829",
"175117650864466198429070599697755025763",
"259372737161260841017051100781998432651",
"190191220307360414594805946771026217001",
"29054105381567763046288516247318577171",
"80859590129831648960865656848228415255",
"259393610319526121774434945054847506142"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-b50a3bee",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b409fb494004bf0f7284059b806b3b751a2ec5d9",
"target": {
"function": "ExecCommandDatabase::_initiateCommand",
"file": "src/mongo/db/service_entry_point_common.cpp"
},
"digest": {
"length": 9728.0,
"function_hash": "59615453827642453525115701432201606392"
},
"signature_type": "Function"
},
{
"id": "CVE-2026-1848-b7a8bb50",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/db/s/config/config_server_test_fixture.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"223733269869404547584740065625489129990",
"232526878712390506928089086318522386429",
"312211187334004152152355710891423235708",
"213523041952038274129584885749590796637",
"63816678897582340592010322522635144869",
"202739312977538015309030661320396396301",
"5640734047447192712996691422424790477"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-d527c13a",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"file": "src/mongo/db/service_entry_point_shard_role.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"224443834479044876374834883155602208700",
"136764157752828070060418269549868845907",
"32845849929609891773695523888527767929",
"76771004241108303450068387151504645744",
"139786248586504278007122766493096039305",
"240425744207224996205473906063132895875",
"68404724451839394416898881774498477718",
"109684164898498464588057281986327864311"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2026-1848-ed491639",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mongodb/mongo/commit/b20a51078fbcb65bb0ad3492a8e62cd345e55e7d",
"target": {
"function": "Transaction::_primeTransaction",
"file": "src/mongo/db/transaction/transaction_api.cpp"
},
"digest": {
"length": 2644.0,
"function_hash": "256124119208790541351899426569997218611"
},
"signature_type": "Function"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1848.json"