MongoDB Shell may be susceptible to control character Injection via shell output
- Severity:
- Low
Description
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output.
Recommendation
Update the mongosh package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.3.9
- Patched version(s): 2.3.9
References
Related Issues
- MongoDB Shell may be susceptible to Control Character Injection via autocomplete - CVE-2025-1691
- MongoDB Shell may be susceptible to control character injection via pasting - CVE-2025-1692
- Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation - CVE-2026-26318
- @siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection - CVE-2026-31975
You might also like:
- Tags:
- npm
- mongosh
Anything's wrong? Let us know Last updated on February 27, 2025


