NEWGet the latest CVEs, security bulletins, and incident updates on our Security Bulletins page. Learn more >Get the latest CVEs, security bulletins, and incident updates on our Security Bulletins page. >>

MongoDB Alerts

This page lists critical alerts and advisories for MongoDB. See the MongoDB JIRA for a comprehensive list of bugs and feature requests.

General

MongoDB Security Notice

1/23/24 - 6:00 PM EST

MongoDB has published a Post Event Summary for the security incident first reported here on December 16, 2023, US Eastern time (EST). As a reminder, our investigation is complete and closed, with our findings verified by our third-party forensic experts.

1/03/24 - 5:00 PM EST

Our investigation of the security incident first reported here on December 16, 2023, US Eastern time (EST) is now complete and closed.

The investigation led by our security and engineering teams uncovered no evidence of unauthorized access to MongoDB Atlas clusters. This finding has been verified by our third-party forensic experts.

We are committed to being timely and transparent with details about this Security Incident. We plan to release a post event summary as soon as practicable.

All updates >

Data Integrity Related

10/24/2024

Queries may return incomplete results when Time Series collections created prior to MongoDB 5.2 have been upgraded to MongoDB 6.0 or newer prior to those collections being cloned. Relatedly, Time Series collections on MongoDB Rapid Releases 7.1.0-7.3.3 that had their collection granularity changed via collMod while on those versions, may have also returned incomplete query results.

Affects:

Atlas, MongoDB Server

versions:

6.0.0 - 6.0.16
7.0.0 - 7.0.12
7.1.0 - 7.3.3

10/03/2024

A bug can cause incorrect results or crashes when running certain aggregation pipelines containing $group and $lookup while on MongoDB Server version 6.0.17.

Affects:

MongoDB Server

versions:

6.0.17

09/10/2024

The Node.js v22.7.0 runtime contains a regression related to its handling of UTF-8 encoding that can impact the data integrity of applications using the MongoDB Node.js driver. MongoDB does not use the affected Node.js version in any of its products, however, developers using MongoDB’s Node.js driver could experience data integrity issues when data is written to their clusters via the Node.js v22.7.0 runtime.

Affects:

MongoDB Node.js driver

versions:

Any MongoDB Node.js driver version if data was written using Node.js v22.7.0

08/15/2024

To balance load and maintain a high quality of service, the Atlas Serverless system occasionally migrates data of serverless instances between different database servers. Certain multi-write, non-transactional database commands are not safely auto-retried by Atlas Serverless upon migration completion, which can lead to incorrect updates and deletes behavior.

Affects:

Atlas Serverless

versions:

5.0+

07/02/2024

Issues during the initial data copy in mongosync 1.1.0 – 1.7.1 may lead to some writes or documents on the source not being replicated to the destination. Upgrade to mongosync version 1.7.2 or later. Atlas Live Migrate relies on mongosync for migrations to MongoDB 6.0+ and the fix has been applied to Atlas Live Migrate.

Affects:

Cluster-to-Cluster Sync (mongosync)

versions:

1.1.0 - 1.7.1

04/15/2024

Issues affecting multi-document transactions on sharded clusters which can cause sharded multi-document transactions to return incorrect data and possibly miss writes.

Affects:

MongoDB Server

versions:

4.4.0 - 4.4.29
5.0.0 - 5.0.25
6.0.0 - 6.0.14
7.0.0 - 7.0.8
7.1.0 - 7.3.1

02/20/2024

An issue in mongodump can cause keys in collection options to be dumped in the wrong order. These alterations could change the result set returned by a view or change which documents are accepted by a validator.

Affects:

Atlas, Mongodump

versions:

A fix has been released on Atlas, but free or shared clusters may have been impacted in the past.
Mongodump 4.2.0 - 100.9.0

11/29/2023

An issue affecting inserts to Sharded Time Series collections can result in inserted documents on these collections to be immediately orphaned, leading to documents not being returned by queries and potential data loss.

Affects:

MongoDB Server

versions:

5.0.6 - 5.0.21
6.0.0 - 6.0.11
7.0.0 - 7.0.2

11/10/2023

A race condition in mongosync 1.5 can lead to some writes on the source not being replicated to the destination. Upgrade to version 1.6 or later.

Affects:

Cluster-to-Cluster Sync (mongosync)

versions:

1.5.0

05/23/2023

A storage engine issue can cause inconsistent incremental Ops Manager and Cloud Manager backups. Clusters restored from affected incremental backups can crash with checksum errors. Atlas customers/backups are not affected.

Affects:

Ops Manager and Cloud Manager

versions:

4.4.8 - 4.4.21
5.0.2 - 5.0.17
6.0.0 - 6.0.5

03/14/2023

A storage engine bug in MongoDB running on ARM64 or POWER architectures may store documents or index entries out of order, leading to inconsistencies and improperly sorted or incomplete query results.

Affects:

MongoDB Server

versions:

4.2.0 - 4.2.23
4.4.0 - 4.4.18
5.0.0 - 5.0.14
6.0.0 - 6.0.4
6.1.0 - 6.2.0

09/19/2022

A MongoDB agent issue in Atlas, Ops Manager, and Cloud Manager can cause automated "rolling index builds" to introduce index inconsistencies. MongoDB clusters on other platforms are not affected.

Affects:

Atlas, Ops Manager, and Cloud Manager

versions:

MongoDB versions 4.2.19+, 4.4.13+, 5.0.6+, 5.1-5.3, and 6.0.0+ running on:
- Atlas - a fix has been released on Atlas, but clusters may have been impacted in the past.
- Ops Manager versions 5.0.10-5.0.14 and 6.0.0-6.0.2
- Cloud Manager running MongoDB Agent version from 11.13.0.7438-1 to 12.4.0.7702-1

08/11/2022

A behavior change for improperly configured time-to-live (TTL) indexes can suddenly expire documents when upgrading to MongoDB 5.0 or 6.0 from version 4.4 or earlier.

Affects:

MongoDB Server

versions:

5.0.X
6.0.X

08/10/2022

A sharding metadata bug in MongoDB versions 5.0.0-5.0.10 and 6.0.0 can introduce corruption during a movePrimary command.

Affects:

MongoDB Server

versions:

5.0.0 - 5.0.10
6.0.0

11/12/2021

A storage engine bug in MongoDB 4.4.3 and 4.4.4 can introduce corruption when upgrading to 4.4.8-4.4.10 or 5.0.2-5.0.5. It is safe to upgrade from versions 4.4.3 and 4.4.4 directly to 4.4.11+ or 5.0.6+

Affects:

MongoDB Server

versions:

4.4.3
4.4.4

09/22/2021

A storage engine bug in MongoDB 4.4.2-4.4.8, and 5.0.0-5.0.2 can cause inconsistent data after an unclean shutdown and restart. Upgrade to version 4.4.9 or 5.0.3.

Affects:

MongoDB Server

versions:

4.4.2-4.4.8
5.0.0-5.0.2

09/22/2021

A storage engine bug in MongoDB 4.4.8 can cause inconsistent data after an unclean shutdown and restart. Upgrade to version 4.4.9.

Affects:

MongoDB Server

versions:

4.4.8

08/06/2021

A storage engine bug in MongoDB 4.4.7, 5.0.0, and 5.0.1 allows some inserts to violate unique index constraints. Upgrade to version 4.4.8 or 5.0.2.

Affects:

MongoDB Server

versions:

4.4.7
5.0.0
5.0.1

05/19/2021

A storage engine bug in MongoDB 4.4.5 causes crashes on startup and may cause temporary query correctness issues. Upgrade to version 4.4.6.

Affects:

MongoDB Server

versions:

4.4.5

10/12/2020

Possible Corruption of Backup Snapshots on certain MongoDB 4.2+ Products

Affects:

MongoDB Server

versions:

4.2+

06/16/2020

Possible buffer overflow may result cause in-memory corruption on MongoDB 4.2.7 with incremental backup enabled.

Affects:

MongoDB Server

versions:

4.2.7

01/09/2020

A memory management bug can cause lost documents and index inconsistencies on replica set secondaries that restart during index builds.

Affects:

MongoDB Server

versions:

4.2.0
4.2.1

01/07/2020

When MongoDB recovers from an unclean shutdown, it is possible for the recovery process to corrupt documents that have received size-changing updates.

Affects:

MongoDB Server

versions:

3.6.14
3.6.15

09/23/2019

A memory management bug can cause failed operations, process crashes, and in-memory corruption of data that may be persisted to disk.

Affects:

MongoDB Server

versions:

4.2.0

02/22/2018

We have identified a bug in MongoDB Compass where modification or deletion of a document through Compass may occur on a different document than expected under certain specific conditions.

Affects:

Compass

versions:

1.3.x - 1.11.1

05/03/2016

While a background index build is in progress, document updates modifying fields contained in the index specification may, under specific circumstances, cause mismatched index entries to appear. This has an impact on queries that use affected indexes.

Affects:

Indexing

versions:

3.0
3.2

03/30/2016

During chunk migrations, insert and update operations affecting data within a migrating chunk are not reflected to the recipient shard, resulting in data loss.

Affects:

Sharding

versions:

3.0.9
3.0.10

12/16/2015

In a replica set, if a secondary node is shut down cleanly while replicating writes, the node may mark certain replicated operations as successfully applied even though they have not.

Affects:

Replication

versions:

3.2.0

12/09/2015

A race condition in WiredTiger may prevent a write operation from becoming immediately visible to subsequent read operations, which may result in various problems, primarily impacting replication.

Affects:

WiredTiger

versions:

3.0.0 - 3.0.7

06/15/2015

Sharded clusters where the balancer is enabled (or there are manual chunk migrations), containing WiredTiger nodes that may become primary, may lose writes to a chunk being migrated if that chunk is under a heavy write load.

Affects:

Sharding

versions:

3.0.0 - 3.0.3

10/02/2014

MongoDB installations on certain 3.x Linux kernels running on VMWare and using virtual SCSI disks managed by LVM may see corruption in namespace (.ns) files.

Affects:

Storage

versions:

2.4.11
2.6.4

08/03/2014

An update to a text-indexed field may fail to update the text index. As a result, a text search may not match the field contents, yielding incorrect search results.

Affects:

Text Search

versions:

2.4.0 - 2.4.10
2.6.0

01/01/2014

Under very rare circumstances mongos may incorrectly report a write as successful.

Affects:

Sharding

versions:

2.2.0 - 2.2.6
2.4.0 - 2.4.8

10/21/2013

During a chunk migration in a sharded cluster, if one of the documents in the chunk has a size in the range of 16,776,185 and 16,777,216 bytes (inclusive), then some documents may be lost during the migration process

Affects:

Sharding

versions:

2.2.0 - 2.2.5
2.4.0 - 2.4.4

03/21/2013

Secondary indexes (i.e. all indexes other than _id) may be corrupted on an initial sync if write operations are performed on the sync source during the initial sync.

Affects:

Replication

versions:

2.4.0

Operations Related

10/29/2013

Caching of dbhash results may result in stale values, potentially causing disagreement among sharded cluster config servers.

Affects:

MongoDB Server

versions:

2.4.7