CLEANSTART-2026-WA48911

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-WA48911.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLEANSTART-2026-WA48911
Upstream
  • CVE-2026-39824
  • ghsa-f6x5-jh6r-wrfv
  • ghsa-j5w8-q4qc-rx2x
  • ghsa-pc3f-x583-g7j2
  • ghsa-pjcq-xvwq-hhpj
Published
2026-06-11T00:51:16.571546Z
Modified
2026-06-11T06:15:05.219559736Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users
Details

Multiple security vulnerabilities affect the percona-server-mongodb-operator package. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. See references for individual vulnerability details.

References

Affected packages

CleanStart / percona-server-mongodb-operator

Package

Name
percona-server-mongodb-operator

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.0-r1

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-WA48911.json"