CVE-2026-6915

medium Red Hat
CVSS v3 Base Score
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 84% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
Low
Published: April 29, 2026 (71 days ago)
Last Modified: April 29, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in MongoDB. An authenticated user could exploit an authorization flaw in the user management command. This allows them to make limited changes to authentication-related data associated with another user account. Such modifications could affect how authentication is performed for the impacted account, potentially leading to unauthorized access or denial of service for that user.

CWE

CWE-266

Affected Products

Red Hat Ceph Storage 9Red Hat OpenShift AI (RHOAI)Red Hat Satellite 6

References