What is CVE-2026-8431?

CVE-2026-8431 is a high-severity vulnerability in Mongodb, Inc. Ops Manager, classified under Command Injection. CVSS score: 7.2/10. Published 2026-05-12.

How severe is CVE-2026-8431?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Mongodb, Inc. Ops Manager

CVE-2026-8431

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (21.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mongodb, Inc. Ops Manager — versions 7.0

Weakness classification (CWE)

CWE-77 — Command Injection

References

cna@mongodb.com (release-notes)

Frequently asked questions

What is CVE-2026-8431?: CVE-2026-8431 is a high-severity vulnerability in Mongodb, Inc. Ops Manager, classified under Command Injection. CVSS score: 7.2/10. Published 2026-05-12.
How severe is CVE-2026-8431?: High severity. CVSS v3 base score is 7.2 out of 10.