{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-25612","assignerOrgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","state":"PUBLISHED","assignerShortName":"mongodb","dateReserved":"2026-02-03T18:21:58.986Z","datePublished":"2026-02-10T18:05:23.851Z","dateUpdated":"2026-02-10T18:59:27.442Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"MongoDB Server","vendor":"MongoDB Inc","versions":[{"lessThan":"8.2.4","status":"affected","version":"8.2","versionType":"semver"},{"lessThan":"8.0.18","status":"affected","version":"8.0","versionType":"semver"},{"lessThan":"7.0.29","status":"affected","version":"7.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks."}],"value":"The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":7.1,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-412","description":"CWE-412 Unrestricted Externally Accessible Lock","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","shortName":"mongodb","dateUpdated":"2026-02-10T18:05:23.851Z"},"references":[{"url":"https://jira.mongodb.org/browse/SERVER-114838"},{"url":"https://jira.mongodb.org/browse/SERVER-115296"}],"source":{"discovery":"UNKNOWN"},"title":"Internal ResourceId collision may affect unrelated collections","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-10T18:59:20.305133Z","id":"CVE-2026-25612","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-10T18:59:27.442Z"}}]}}