{"id":"CVE-2020-7926","details":"A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected.","aliases":["BIT-mongodb-2020-7926"],"modified":"2026-05-18T21:45:58.091165Z","published":"2020-11-23T15:15:11.667Z","references":[{"type":"REPORT","url":"https://jira.mongodb.org/browse/SERVER-50170"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"563487e100c4215e2dce98d0af2a6a5a2d67c5cf"},{"fixed":"ad91a93a5a31e175f5cbf8c69561e788bbc55ce1"}],"database_specific":{"extracted_events":[{"introduced":"4.4.0"},{"fixed":"4.4.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"}}],"versions":["r4.4.1-rc2","r4.4.1-rc1","r4.4.1-rc0","r4.4.0"],"database_specific":{"vanir_signatures_modified":"2026-05-18T21:45:58Z","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","target":{"function":"__wt_txn_recover","file":"src/third_party/wiredtiger/src/txn/txn_recover.c"},"deprecated":false,"source":"https://github.com/mongodb/mongo/commit/ad91a93a5a31e175f5cbf8c69561e788bbc55ce1","id":"CVE-2020-7926-2d37e6c3","digest":{"length":5307,"function_hash":"151262211054760185720127152001316281250"}},{"signature_type":"Function","signature_version":"v1","target":{"function":"__recovery_file_scan","file":"src/third_party/wiredtiger/src/txn/txn_recover.c"},"deprecated":false,"source":"https://github.com/mongodb/mongo/commit/ad91a93a5a31e175f5cbf8c69561e788bbc55ce1","id":"CVE-2020-7926-6ed27bda","digest":{"length":595,"function_hash":"222802404687574253373945116552049107396"}},{"signature_type":"Line","signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/txn/txn_recover.c"},"deprecated":false,"source":"https://github.com/mongodb/mongo/commit/ad91a93a5a31e175f5cbf8c69561e788bbc55ce1","id":"CVE-2020-7926-98d23718","digest":{"line_hashes":["277395883631913544235843059429904341778","190131020086289323787365361718434822041","156593639150803104870368656550091158247","254599983326529039473066318940603712053","246215242810397006687658517823238030194","30585347245087757459584332338861806407","161438447538539267520882034343628408421","313471203792529671136136365005831013652","123414515668546916026728107986940604788","154943114112322522419481562731002026669","36833237464877143329818463633626119100","89153525433556070057976587890049189048"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7926.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}