InfoSecBulletin Cybersecurity for mankind
A new vulnerability, CVE-2026-25611 (CVSS 7.5), has been found in MongoDB, enabling attackers to crash open servers with little bandwidth.
According to Cato CTRL, it affects all MongoDB versions where compression is enabled (v3.4+, on by default since v3.6), including MongoDB Atlas. Shodan data shows that over 207,000 MongoDB instances are publicly accessible and at risk.
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
Attack Mechanism
The vulnerability exists in MongoDB’s wire protocol compression mechanism, known as OP_COMPRESSED. Cato CTRL states that when a server gets a compressed message, it allocates memory using the uncompressedSize provided by the attacker before checking the real decompressed size.
An attacker can send a small 47KB zlib-compressed packet while pretending it is 48MB uncompressed. SentinelOne reports that the server allocates 48MB for each connection, leading to a high memory amplification ratio of 1,027:1.
By opening multiple concurrent connections, the attacker quickly exhausts the server’s RAM, triggering an Out-of-Memory (OOM) kernel kill with exit code 137. Network defenders should watch for many TCP connections to port 27017 from one source, especially if connections are quickly made but idle.
Administrators must quickly update to patched MongoDB versions: 8.2.4, 8.0.18, or 7.0.29 to address this threat.
