CVE-2025-14847: MongoDB and MongoDB Server Improper Handling of Length

MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability. MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client.

• CISA KEV-listed (remediation due 2026-01-19)
• EPSS 62.8% (98.4% percentile)

Browse the CVE database

Read the full analysis on IntelFusions