Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-1848)

Description

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

Remediation

References

Related Vulnerabilities

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-21967)

WordPress Plugin WordPress Bitcoin Payments-Blockonomics Cross-Site Scripting (3.2)

WordPress Plugin Codestyling Localization 'name' Parameter Cross-Site Scripting (1.99.19)

WordPress Plugin Click to Chat Cross-Site Scripting (1.6)

Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-27316)

Severity

High

Classification

CVE-2026-1848 CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities