Home / mailings [USN-8160-1] MongoDB vulnerability
Posted on 10 April 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8160-1
April 09, 2026
mongodb vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
MongoDB could be made to expose sensitive information over the
network.
Software Description:
- mongodb: object/document-oriented database
Details:
It was discovered that MongoDB incorrectly handled length parameters
in zlib-compressed network messages prior to authentication. An
unauthenticated remote attacker could possibly use this issue to
cause MongoDB to allocate an oversized memory buffer, resulting
in the exposure of sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
mongodb 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
Available with Ubuntu Pro
mongodb-clients 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
Available with Ubuntu Pro
mongodb-server 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
Available with Ubuntu Pro
mongodb-server-core 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
mongodb 1:3.6.3-0ubuntu1.4+esm2
Available with Ubuntu Pro
mongodb-clients 1:3.6.3-0ubuntu1.4+esm2
Available with Ubuntu Pro
mongodb-server 1:3.6.3-0ubuntu1.4+esm2
Available with Ubuntu Pro
mongodb-server-core 1:3.6.3-0ubuntu1.4+esm2
Available with Ubuntu Pro
After a standard system update you need to restart the mongodb
service to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8160-1
CVE-2025-14847
--===============4208885962956325328==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
