CVE-2026-5170
🔶 mediumSummary
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary of the replica set. This issue affects MongoDB Server v8.2 versions prior to 8.2.2, MongoDB Server v8.0 versions between 8.0.18, MongoDB Server v7.0 versions between 7.0.31.
CVSS Score
5.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-03-30
First Seen: 2026-03-31
📊 Relative Risk Intelligence
This CVE is Lower Risk - more severe than 19.8% of all 321,566 vulnerabilities in our database.
#257,788
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 30, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2026-04-02
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Vector 4.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)