CVE-2026-8431

HIGH

7.2CVSS v3

—CVSS v2

0.07% EPSS (exploit probability)

CWE-77CWE

Description

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.

This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE