Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MongoDb Missing Authorization Vulnerability (CVE-2026-25609)

Description

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.

Remediation

References

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2007-3996)

WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability (3.0.1 - 3.0.2)

Oracle JRE CVE-2013-2444 Vulnerability (CVE-2013-2444)

WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)

WordPress Plugin Widgets on Pages Cross-Site Scripting (1.6.0)

Severity

Medium

Classification

CVE-2026-25609 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities