An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.
{
"cna_assigner": "mongodb",
"cwe_ids": [
"CWE-1284"
],
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.7"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.21"
},
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.32"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6915.json"
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*",
"extracted_events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.32"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.21"
},
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.7"
}
]
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6915.json"
[
{
"id": "CVE-2026-6915-3ef5e661",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/08e0c4612b855c4e73385c2ec838588f82d8a19b",
"deprecated": false,
"digest": {
"function_hash": "164686043380698660719722351152006285402",
"length": 2908.0
},
"target": {
"function": "mongod_main",
"file": "src/mongo/db/mongod_main.cpp"
}
},
{
"id": "CVE-2026-6915-4f010fbc",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/08e0c4612b855c4e73385c2ec838588f82d8a19b",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"179215270457449443453579291868469199727",
"33556446067133974934969847839402282197",
"29350364556964231604783587715398600263",
"57726341186909301783117793920654563686",
"136845089925583489291724266187596164684",
"305634184878952065582817930778120911044",
"172837088109626467133187672572056083021"
]
},
"target": {
"file": "src/mongo/db/mongod_main.cpp"
}
},
{
"id": "CVE-2026-6915-74d68245",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/08e0c4612b855c4e73385c2ec838588f82d8a19b",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"113943198681305830374459943796736910273",
"284155681462991298677336326783867736476",
"322305722881740005680917803045236736977",
"91774852827086589335342822882248207662",
"229647983256621488789011376734284527782",
"281813804611164678198537084954231215930",
"244936745804740692166401377847527106794"
]
},
"target": {
"file": "src/mongo/s/mongos_main.cpp"
}
},
{
"id": "CVE-2026-6915-8f2fa9a0",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/08e0c4612b855c4e73385c2ec838588f82d8a19b",
"deprecated": false,
"digest": {
"function_hash": "79148053720149972531027689719546447436",
"length": 2005.0
},
"target": {
"function": "mongos_main",
"file": "src/mongo/s/mongos_main.cpp"
}
}
]
"2026-07-15T21:28:11Z"