Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-29T16:51:01 mongodb: MongoDB: Authorization flaw allows modification of other user's authentication data 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE-266

A flaw was found in MongoDB. An authenticated user could exploit an authorization flaw in the user management command. This allows them to make limited changes to authentication-related data associated with another user account. Such modifications could affect how authentication is performed for the impacted account, potentially leading to unauthorized access or denial of service for that user.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat Ceph Storage 9 Fix deferred rhceph/alloy-rhel10 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9 Red Hat Satellite 6 Fix deferred python-pymongo https://www.cve.org/CVERecord?id=CVE-2026-6915 https://nvd.nist.gov/vuln/detail/CVE-2026-6915 https://jira.mongodb.org/browse/SERVER-119679