CVE-2019-10758βMongoDB mongo-express Remote Code Execution Vulnerability
PUBLISHEDvulnerability record
2021-12-10 Β· last modified June 21, 2025
Metadata
Vulnerability Name
MongoDB mongo-express Remote Code Execution Vulnerability
Description
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.
Known To Be Used in Ransomware Campaigns?
Action
Apply updates per vendor instructions.