CVE-2026-25611
Published: 10 February 2026
Summary
CVE-2026-25611 is a high-severity Amplification (CWE-405) vulnerability in MongoDB (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 17.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Reduces impact of amplification attacks that overwhelm the primary site by allowing operations to shift to an equivalent alternate site.
- Alternate services reduce the impact of amplification attacks that exhaust primary telecommunications resources.
- Amplification attacks that exhaust the primary path are mitigated by the existence of an independent alternate path for command traffic.
- Employs controls that mitigate amplification attacks causing asymmetric resource use.
- Limits amplification effects by controlling how resources are allocated under high-volume or recursive load.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The CVE enables direct exploitation of a MongoDB server vulnerability to trigger memory exhaustion and a crash, matching T1499.004 (Application or System Exploitation) under Endpoint Denial of Service.
NVD Description
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
Deeper analysis (AI)
CVE-2026-25611 is a denial-of-service vulnerability affecting MongoDB servers, where a series of specifically crafted, unauthenticated messages can exhaust available memory resources and cause the server to crash. Published on 2026-02-10, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is classified under CWE-405, indicating asymmetric resource consumption.
Attackers with network access can exploit this vulnerability without authentication or user interaction, requiring only low attack complexity. Exploitation involves sending the crafted messages to trigger memory exhaustion, resulting in a complete server crash and denial of service with high availability impact, but no effects on confidentiality or integrity.
MongoDB has documented the issue and related fixes in JIRA tickets SERVER-116206, SERVER-116210, and SERVER-116211, which serve as primary references for advisories and patch information.
Details
- CWE(s)