2463874 – (CVE-2026-6915) CVE-2026-6915 mongodb: MongoDB: Authorization flaw allows modification of other user's authentication data

Bug 2463874 (CVE-2026-6915) - CVE-2026-6915 mongodb: MongoDB: Authorization flaw allows modification of other user's authentication data

Summary: CVE-2026-6915 mongodb: MongoDB: Authorization flaw allows modification of oth...

Keywords:
Status:	NEW
Alias:	CVE-2026-6915
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-29 18:01 UTC by OSIDB Bzimport
Modified:	2026-05-08 10:54 UTC (History)
CC List:	23 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-29 18:01:28 UTC

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.

Note You need to log in before you can comment on or make changes to this bug.

amctagga
anthomas
aoconnor
bniver
ehelms
flucifre
ggainey
gmeno
groman
jkoehler
juwatts
lphiri
mbenjamin
mhackett
mhulan
nmoumoul
osousa
pcreech
rchan
smallamp
sostapov
tmalecek
vereddy