Alert GCSA-26091 - Vulnerabilita' in MongoDB

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ****************************************************************** alert ID: GCSA-26091 data: 20 maggio 2026 titolo: Vulnerabilita' in MongoDB ****************************************************************** :: Descrizione del problema Sono state rilasciate nuove versioni del database MongoDB che risolvono varie vulnerabilita', anche di livello alto. Maggiori informazioni sono disponibili alla sezione "Riferimenti". :: Software interessato MongoDB Server versioni precedenti alla 7.0.34 MongoDB Server versioni precedenti alla 8.0.23 MongoDB Server versioni precedenti alla 8.2.9 MongoDB Server versioni precedenti alla 8.3.2 :: Impatto Denial of Service (DoS) Accesso a dati riservati (ID) Esecuzione remota di codice arbitrario (RCE) Bypass delle funzionalita' di sicurezza (SFB) Falsificazione dei dati (Spoofing) :: Soluzione Aggiornare il prodotto all'ultima versione. https://www.mongodb.com/docs/manual/tutorial/upgrade-revision/ Release Notes for MongoDB 8.3.2 - May 12, 2026 https://www.mongodb.com/docs/manual/release-notes/8.3/#std-label-release-notes-8.3 Release Notes for MongoDB 8.2.9 - May 12, 2026 https://www.mongodb.com/docs/manual/release-notes/8.2/#std-label-release-notes-8.2 :: Riferimenti https://www.mongodb.com/resources/products/alerts#security MongoDB - Core Server Issues https://jira.mongodb.org/browse/SERVER-116327 https://jira.mongodb.org/browse/SERVER-115508 https://jira.mongodb.org/browse/SERVER-126021 https://jira.mongodb.org/browse/SERVER-121610 https://jira.mongodb.org/browse/SERVER-120668 https://jira.mongodb.org/browse/SERVER-122032 https://jira.mongodb.org/browse/SERVER-122449 https://jira.mongodb.org/browse/SERVER-121851 https://jira.mongodb.org/browse/SERVER-119679 https://jira.mongodb.org/browse/SERVER-119981 https://jira.mongodb.org/browse/CDRIVER-6134 Mitre CVE https://www.cve.org/CVERecord?id=CVE-2026-8843 https://www.cve.org/CVERecord?id=CVE-2026-8053 https://www.cve.org/CVERecord?id=CVE-2026-8063 https://www.cve.org/CVERecord?id=CVE-2026-6691 https://www.cve.org/CVERecord?id=CVE-2026-8199 https://www.cve.org/CVERecord?id=CVE-2026-8200 https://www.cve.org/CVERecord?id=CVE-2026-8201 https://www.cve.org/CVERecord?id=CVE-2026-8202 https://www.cve.org/CVERecord?id=CVE-2026-8336 https://www.cve.org/CVERecord?id=CVE-2026-8431 https://www.cve.org/CVERecord?id=CVE-2026-6811 https://www.cve.org/CVERecord?id=CVE-2026-6914 https://www.cve.org/CVERecord?id=CVE-2026-6915 GARR CERT Security Alert - subscribe/unsubscribe: https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert -----BEGIN PGP SIGNATURE----- iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCag3CbgAKCRDBnEyTZRJg Qn9oAKDA4yGE75RHYZ1QZCQhs+8Fpl2QjQCgjxH5vuc5FIWxhzvXd9HmVDe1UCQ= =YjOw -----END PGP SIGNATURE-----