CVE-2025-6706 · HIGH 8.8 · EPSS percentile 11.7%

Description

An authenticated user may trigger a use-after-free that may result in a MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation that uses a specific combination of rarely-used aggregation pipeline expressions. This issue affects MongoDB Server 6.0 versions prior to 6.0.21, 7.0 versions prior to 7.0.17 and 8.0 versions prior to 8.0.4, when the SBE (slot-based execution) query engine is enabled. Because the trigger needs only an authenticated user able to run aggregations, any account with read access to a collection is enough; the shutdown privilege is not required.
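A practical way to apply the two conditions stated above (affected version series and SBE enabled) to a server's own `buildInfo` and `getParameter` output, as an added example that is not part of the advisory or of MongoDB's code. It assumes that the server parameter `internalQueryFrameworkControl` governs the SBE engine on the checked build and that only the value `forceClassicEngine` disables it; a missing parameter is treated as SBE enabled, and a pre-release build such as `8.0.4-rc0` is ordered below the final `8.0.4`. The sample documents are constructed, not captured from a real server.

```python
"""Exposure check for CVE-2025-6706 (added example, not vendor code)."""
import re
from typing import Optional

# Fixed versions taken from the advisory text: 6.0.21, 7.0.17, 8.0.4.
# Keyed by (major, minor); value is the first patch level that is fixed.
FIXED_VERSIONS = {(6, 0): 21, (7, 0): 17, (8, 0): 4}

# Assumption: SBE is controlled by internalQueryFrameworkControl and is
# only switched off by "forceClassicEngine".
SBE_DISABLED_VALUES = {"forceClassicEngine"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(.+))?$")


def parse_version(version: str) -> tuple:
    """Parse 'X.Y.Z[-suffix]' into (X, Y, Z, is_release)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    # A pre-release (e.g. 8.0.4-rc0) sorts below the final 8.0.4 build,
    # so it is treated as still unpatched.
    is_release = 0 if suffix else 1
    return (int(major), int(minor), int(patch), is_release)


def version_in_affected_range(version: str) -> Optional[bool]:
    """True if inside a listed affected range, False if at/after the fix
    in a listed series, None if the series is not named by the advisory."""
    major, minor, patch, is_release = parse_version(version)
    fixed_patch = FIXED_VERSIONS.get((major, minor))
    if fixed_patch is None:
        return None
    return (patch, is_release) < (fixed_patch, 1)


def sbe_enabled(framework_control: Optional[str]) -> bool:
    """Conservative: an unknown or missing value counts as enabled."""
    if framework_control is None:
        return True
    return framework_control not in SBE_DISABLED_VALUES


def assess(build_info: dict, get_parameter: dict) -> dict:
    """Combine the version and SBE conditions into a single verdict."""
    version = build_info["version"]
    control = get_parameter.get("internalQueryFrameworkControl")
    in_range = version_in_affected_range(version)
    sbe = sbe_enabled(control)
    if in_range is None:
        verdict = "not-listed"          # series not named in the advisory
    elif in_range and sbe:
        verdict = "vulnerable"
    elif in_range:
        verdict = "mitigated"           # classic engine forced; still upgrade
    else:
        verdict = "fixed"
    major, minor, _, _ = parse_version(version)
    fixed_patch = FIXED_VERSIONS.get((major, minor))
    return {
        "version": version,
        "sbe_enabled": sbe,
        "fixed_in": f"{major}.{minor}.{fixed_patch}" if fixed_patch else None,
        "verdict": verdict,
    }


def fetch_and_assess(uri: str) -> dict:
    """Query a live server; needs pymongo and is not exercised offline."""
    from pymongo import MongoClient  # imported lazily on purpose
    client = MongoClient(uri, serverSelectionTimeoutMS=5000)
    build_info = client.admin.command("buildInfo")
    params = client.admin.command(
        {"getParameter": 1, "internalQueryFrameworkControl": 1})
    return assess(build_info, params)


# Constructed sample documents (shape of buildInfo / getParameter output).
SAMPLE_BUILD_INFO = {"version": "7.0.16", "ok": 1.0}
SAMPLE_PARAMS = {"internalQueryFrameworkControl": "trySbeRestricted", "ok": 1.0}

if __name__ == "__main__":
    print(assess(SAMPLE_BUILD_INFO, SAMPLE_PARAMS))
```

The verdict `mitigated` only means the advisory's SBE condition is not met on that node; the use-after-free is still present in the binary, so the fix version is still the target. Run the check against every member of a replica set or sharded cluster, since the parameter is per-process.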

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.21% probability of exploitation · percentile 11.7% · scored 2026-06-19T12:03:05Z
Published: 2025-06-26
Last modified: 2025-09-15

Underlying weaknesses (1)

CWE-416 (Use After Free)

References

  1. https://jira.mongodb.org/browse/SERVER-106746

Weakness mappings (1)

Type      Target          CWE      Confidence  Tier
Weakness  Use After Free  CWE-416  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-8201
CVE-2026-9743
CVE-2026-9750
CVE-2026-8053
CVE-2026-9740
CVE-2026-4148
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.