CVE-2026-25613 in MongoDB Server
Summary
by MITRE • 02/10/2026
An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.
Analysis
by VulDB Data Team • 02/26/2026
This vulnerability is in the MongoDB database server. An authenticated user can cause a denial of service by issuing a query against a collection that contains an invalid compound wildcard index; the MITRE summary states that the query can disable the server, i.e. take the whole instance down rather than just fail the one operation. No elevated or administrative privileges are required for the trigger itself, so the issue matters most in deployments that use compound wildcard indexes and grant query access to many users or applications. The advisory does not describe how the invalid index comes to exist or what the server does internally when the query hits it. The CWE mapping is CWE-400 (Uncontrolled Resource Consumption), which points to the query handling the malformed index structure without adequate validation and exhausting a server resource; the matching ATT&CK technique is T1499.004 (Endpoint Denial of Service), a service disruption driven by resource exhaustion or instability of the process.

The operational impact goes beyond the single query: once the mongod process is down or unresponsive, every legitimate client loses the database, dependent applications see timeouts and errors, and the failure can cascade through services that rely on those applications. Environments with elaborate indexing strategies, such as analytics platforms or systems built around flexible attribute queries, are the ones most likely to have compound wildcard indexes in place. Recovery is manual in the sense that the server must be restarted and the offending index dropped or rebuilt; until that happens, the same query can be repeated. Based on the CWE-400 classification, the expected symptom during an attack is abnormal memory and CPU consumption during query processing rather than a clean error, although the advisory itself gives no detail on the failure mode. The trigger is an ordinary query over a standard client connection, so any principal with valid credentials and read access to the affected collection can reach it.

Mitigation starts with upgrading to a fixed MongoDB version. Until that is done, audit every database for compound wildcard indexes (a key pattern that combines a "$**" term with one or more regular fields), validate that the index specifications are what you expect, and drop or rebuild any that look wrong; removing the problematic index removes the trigger. Restrict who can create or modify indexes, because while the query that brings the server down needs only read access, introducing the index is a schema change that should be limited to trusted roles. Add database activity monitoring for unusual query patterns against collections that carry such indexes, and alert on abnormal memory or CPU consumption and on unexpected mongod restarts, since those are the observable signs of an attempt. Read-only access to collections with potentially problematic indexes does not prevent the trigger but does keep untrusted users from changing the index set. Controls of this kind (least privilege on schema changes, availability monitoring, documented recovery) are also what ISO 27001 and NIST SP 800-53 expect for maintaining system availability and integrity. The broader lesson is that a server must validate its own on-disk structures before trusting them during request processing, and that even authenticated users should not be able to destabilise core infrastructure with a single query.
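The audit step above is mechanical enough to script. The following is an added example, not code from the advisory or from MongoDB: it classifies index specifications in the shape returned by mongosh's `getIndexes()` and reports the compound wildcard ones (a key pattern with a "$**" term plus at least one other field). The sample index specs are constructed here; `auditDeployment` is a hypothetical helper that walks a live deployment from mongosh and is not exercised when the file runs under Node.

```javascript
'use strict';

// A wildcard term in a key pattern is either "$**" (all fields) or
// "<path>.$**" (all fields under a subdocument).
function isWildcardKey(field) {
  return field === '$**' || field.endsWith('.$**');
}

// Classify one index spec as returned by collection.getIndexes().
function classifyIndex(spec) {
  const fields = Object.keys(spec.key || {});
  const wildcardFields = fields.filter(isWildcardKey);
  return {
    name: spec.name,
    fields,
    wildcardFields,
    isWildcard: wildcardFields.length > 0,
    // Compound wildcard: one wildcard term combined with regular fields.
    isCompoundWildcard: wildcardFields.length > 0 && fields.length > 1,
    hasProjection: Object.prototype.hasOwnProperty.call(spec, 'wildcardProjection'),
  };
}

// Return the compound wildcard indexes from a list of index specs.
function findCompoundWildcardIndexes(indexSpecs) {
  return indexSpecs.map(classifyIndex).filter((c) => c.isCompoundWildcard);
}

// Constructed sample: roughly what db.products.getIndexes() might return.
const SAMPLE_INDEXES = [
  { v: 2, key: { _id: 1 }, name: '_id_' },
  { v: 2, key: { '$**': 1 }, name: 'all_fields_wildcard' },
  { v: 2, key: { tenantId: 1, 'attributes.$**': 1 }, name: 'tenant_attrs_wildcard' },
  { v: 2, key: { '$**': 1, createdAt: -1 }, name: 'wildcard_then_date',
    wildcardProjection: { internal: 0 } },
  { v: 2, key: { sku: 1, createdAt: -1 }, name: 'sku_date' },
];

// Names of the compound wildcard indexes in the sample.
function reportSample() {
  return findCompoundWildcardIndexes(SAMPLE_INDEXES).map((c) => c.name);
}

// Hypothetical mongosh helper (assumption: run inside mongosh with the `db`
// global; not executed under Node). Walks every user database and real
// collection (views are skipped because listIndexes fails on them) and
// returns one record per compound wildcard index found.
function auditDeployment(dbHandle) {
  const hits = [];
  dbHandle.getMongo().getDBNames().forEach((dbName) => {
    if (['admin', 'local', 'config'].includes(dbName)) return;
    const sdb = dbHandle.getSiblingDB(dbName);
    sdb.getCollectionInfos({ type: 'collection' }).forEach((info) => {
      const specs = sdb.getCollection(info.name).getIndexes();
      findCompoundWildcardIndexes(specs).forEach((c) => {
        hits.push({ ns: `${dbName}.${info.name}`, index: c.name, key: c.fields });
      });
    });
  });
  return hits;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('compound wildcard indexes in sample:', reportSample());
}
```

Run under Node to see the classification on the constructed sample; in mongosh, load the file and call `auditDeployment(db)` to get the list for a live deployment, then review each returned index against what the application actually created.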