Alert GCSA-26091 - Vulnerabilita' in MongoDB
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-26091
data: 20 maggio 2026
titolo: Vulnerabilita' in MongoDB
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni del database MongoDB
che risolvono varie vulnerabilita', anche di livello alto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
MongoDB Server versioni precedenti alla 7.0.34
MongoDB Server versioni precedenti alla 8.0.23
MongoDB Server versioni precedenti alla 8.2.9
MongoDB Server versioni precedenti alla 8.3.2
:: Impatto
Denial of Service (DoS)
Accesso a dati riservati (ID)
Esecuzione remota di codice arbitrario (RCE)
Bypass delle funzionalita' di sicurezza (SFB)
Falsificazione dei dati (Spoofing)
:: Soluzione
Aggiornare il prodotto all'ultima versione.
https://www.mongodb.com/docs/manual/tutorial/upgrade-revision/
Release Notes for MongoDB 8.3.2 - May 12, 2026
https://www.mongodb.com/docs/manual/release-notes/8.3/#std-label-release-notes-8.3
Release Notes for MongoDB 8.2.9 - May 12, 2026
https://www.mongodb.com/docs/manual/release-notes/8.2/#std-label-release-notes-8.2
:: Riferimenti
https://www.mongodb.com/resources/products/alerts#security
MongoDB - Core Server Issues
https://jira.mongodb.org/browse/SERVER-116327
https://jira.mongodb.org/browse/SERVER-115508
https://jira.mongodb.org/browse/SERVER-126021
https://jira.mongodb.org/browse/SERVER-121610
https://jira.mongodb.org/browse/SERVER-120668
https://jira.mongodb.org/browse/SERVER-122032
https://jira.mongodb.org/browse/SERVER-122449
https://jira.mongodb.org/browse/SERVER-121851
https://jira.mongodb.org/browse/SERVER-119679
https://jira.mongodb.org/browse/SERVER-119981
https://jira.mongodb.org/browse/CDRIVER-6134
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2026-8843
https://www.cve.org/CVERecord?id=CVE-2026-8053
https://www.cve.org/CVERecord?id=CVE-2026-8063
https://www.cve.org/CVERecord?id=CVE-2026-6691
https://www.cve.org/CVERecord?id=CVE-2026-8199
https://www.cve.org/CVERecord?id=CVE-2026-8200
https://www.cve.org/CVERecord?id=CVE-2026-8201
https://www.cve.org/CVERecord?id=CVE-2026-8202
https://www.cve.org/CVERecord?id=CVE-2026-8336
https://www.cve.org/CVERecord?id=CVE-2026-8431
https://www.cve.org/CVERecord?id=CVE-2026-6811
https://www.cve.org/CVERecord?id=CVE-2026-6914
https://www.cve.org/CVERecord?id=CVE-2026-6915
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCag3CbgAKCRDBnEyTZRJg
Qn9oAKDA4yGE75RHYZ1QZCQhs+8Fpl2QjQCgjxH5vuc5FIWxhzvXd9HmVDe1UCQ=
=YjOw
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-26091
data: 20 maggio 2026
titolo: Vulnerabilita' in MongoDB
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni del database MongoDB
che risolvono varie vulnerabilita', anche di livello alto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
MongoDB Server versioni precedenti alla 7.0.34
MongoDB Server versioni precedenti alla 8.0.23
MongoDB Server versioni precedenti alla 8.2.9
MongoDB Server versioni precedenti alla 8.3.2
:: Impatto
Denial of Service (DoS)
Accesso a dati riservati (ID)
Esecuzione remota di codice arbitrario (RCE)
Bypass delle funzionalita' di sicurezza (SFB)
Falsificazione dei dati (Spoofing)
:: Soluzione
Aggiornare il prodotto all'ultima versione.
https://www.mongodb.com/docs/manual/tutorial/upgrade-revision/
Release Notes for MongoDB 8.3.2 - May 12, 2026
https://www.mongodb.com/docs/manual/release-notes/8.3/#std-label-release-notes-8.3
Release Notes for MongoDB 8.2.9 - May 12, 2026
https://www.mongodb.com/docs/manual/release-notes/8.2/#std-label-release-notes-8.2
:: Riferimenti
https://www.mongodb.com/resources/products/alerts#security
MongoDB - Core Server Issues
https://jira.mongodb.org/browse/SERVER-116327
https://jira.mongodb.org/browse/SERVER-115508
https://jira.mongodb.org/browse/SERVER-126021
https://jira.mongodb.org/browse/SERVER-121610
https://jira.mongodb.org/browse/SERVER-120668
https://jira.mongodb.org/browse/SERVER-122032
https://jira.mongodb.org/browse/SERVER-122449
https://jira.mongodb.org/browse/SERVER-121851
https://jira.mongodb.org/browse/SERVER-119679
https://jira.mongodb.org/browse/SERVER-119981
https://jira.mongodb.org/browse/CDRIVER-6134
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2026-8843
https://www.cve.org/CVERecord?id=CVE-2026-8053
https://www.cve.org/CVERecord?id=CVE-2026-8063
https://www.cve.org/CVERecord?id=CVE-2026-6691
https://www.cve.org/CVERecord?id=CVE-2026-8199
https://www.cve.org/CVERecord?id=CVE-2026-8200
https://www.cve.org/CVERecord?id=CVE-2026-8201
https://www.cve.org/CVERecord?id=CVE-2026-8202
https://www.cve.org/CVERecord?id=CVE-2026-8336
https://www.cve.org/CVERecord?id=CVE-2026-8431
https://www.cve.org/CVERecord?id=CVE-2026-6811
https://www.cve.org/CVERecord?id=CVE-2026-6914
https://www.cve.org/CVERecord?id=CVE-2026-6915
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCag3CbgAKCRDBnEyTZRJg
Qn9oAKDA4yGE75RHYZ1QZCQhs+8Fpl2QjQCgjxH5vuc5FIWxhzvXd9HmVDe1UCQ=
=YjOw
-----END PGP SIGNATURE-----