VYPR
Medium severity6.5NVD Advisory· Published Mar 17, 2026· Updated Apr 10, 2026

CVE-2026-4147

CVE-2026-4147

Description

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • MongoDB/MongoDB7 versions
    cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*+ 6 more
    • cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*range: >=7.0.0,<7.0.31
    • cpe:2.3:a:mongodb:mongodb:8.3.0:alpha0:*:*:-:*:*:*
    • cpe:2.3:a:mongodb:mongodb:8.3.0:alpha1:*:*:-:*:*:*
    • cpe:2.3:a:mongodb:mongodb:8.3.0:alpha2:*:*:-:*:*:*
    • cpe:2.3:a:mongodb:mongodb:8.3.0:alpha3:*:*:-:*:*:*
    • cpe:2.3:a:mongodb:mongodb:8.3.0:rc1:*:*:-:*:*:*
    • (no CPE)
  • osv-coords
    Range: >= 7.0.0, < 7.0.31

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.